Chapter 18: Security Configuration Guide

Configuring TACACS Plus

You can secure login or Enable mode access to the SSR by enabling a TACACS Plus client. A TACACS Plus server responds to the SSR TACACS Plus client to provide authentication.

You can configure up to five TACACS Plus server targets on the SSR. A timeout is set to tell the SSR how long to wait for a response from TACACS Plus servers.

To configure TACACS Plus security, enter the following commands in Configure mode:

Specify a TACACS Plus server.
    tacacs-plus set server <hostname or IP-addr>

Set the TACACS Plus time to wait for a TACACS Plus server reply.
    tacacs-plus set timeout <number>

Determine the SSR action if no server responds.
    tacacs-plus set last-resort password|succeed

Enable TACACS Plus.
    tacacs-plus enable

Cause TACACS Plus authentication at user login or when user tries to access Enable mode.
    tacacs-plus authentication login|enable

Logs specified types of command to TACACS Plus server.
    tacacs-plus accounting command level <level>

Logs to TACACS Plus server when shell is stopped or started on SSR.
    tacacs-plus accounting shell start|stop|all

Logs to TACACS Plus server SNMP changes to startup or active configuration.
    tacacs-plus accounting snmp active|startup

Logs specified type(s) of messages to TACACS Plus server.
    tacacs-plus accounting system fatal|error|warning|info
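The commands above can be checked as a set before a configuration is committed. The following Python audit is an added example, not part of the manual or of Cabletron's software; the function name, finding codes and sample configurations are hypothetical. It assumes that the succeed keyword of last-resort grants access when no server responds, which the keyword suggests but this page does not state.

```python
MAX_SERVERS = 5  # the page allows up to five TACACS Plus server targets

def audit_tacacs_plus(config_text):
    """Return sorted finding codes for the tacacs-plus lines of a configuration."""
    servers, last_resort, enabled = [], None, False
    auth, accounting = set(), set()
    for line in config_text.splitlines():
        w = line.split()
        if len(w) < 2 or w[0] != "tacacs-plus":
            continue
        if w[1:3] == ["set", "server"] and len(w) == 4:
            servers.append(w[3])
        elif w[1:3] == ["set", "last-resort"] and len(w) == 4:
            last_resort = w[3]
        elif w[1:] == ["enable"]:
            enabled = True                     # the client is actually switched on
        elif w[1] == "authentication" and len(w) == 3:
            auth.add(w[2])                     # "login" or "enable"
        elif w[1] == "accounting" and len(w) >= 3:
            accounting.add(w[2])               # "command", "shell", "snmp", "system"
    checks = [
        (not enabled, "client-not-enabled"),
        (not servers, "no-server"),
        (len(servers) == 1, "single-server"),  # one outage triggers last-resort
        (len(servers) > MAX_SERVERS, "too-many-servers"),
        (last_resort is None, "last-resort-not-set"),
        # Assumption: "succeed" grants access when no server responds.
        (last_resort == "succeed", "last-resort-fail-open"),
        ("login" not in auth, "login-not-authenticated"),
        ("enable" not in auth, "enable-not-authenticated"),
        ("command" not in accounting, "no-command-accounting"),
    ]
    return sorted(code for hit, code in checks if hit)

# Constructed sample configurations; addresses and level are placeholders.
WEAK = """\
tacacs-plus set server 192.0.2.10
tacacs-plus set last-resort succeed
tacacs-plus authentication login
"""
HARDENED = """\
tacacs-plus set server 192.0.2.10
tacacs-plus set server 192.0.2.11
tacacs-plus set last-resort password
tacacs-plus enable
tacacs-plus authentication login
tacacs-plus authentication enable
tacacs-plus accounting command level 10
"""
```

Calling audit_tacacs_plus(WEAK) reports the missing enable command, the unprotected Enable mode, the fail-open last resort, the single server and the absent command accounting; audit_tacacs_plus(HARDENED) returns an empty list.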

 

 

Monitoring TACACS Plus

You can monitor TACACS Plus configuration and statistics within the SSR.

SmartSwitch Router User Reference Manual
