Cisco SN5428-2 Storage Router Software Configuration Guide
OL-5239-01
Chapter 9 Configuring Authentication
Configuring Authentication Services
TACACS+ Hosts
Use the commands in the following procedure to configure TACACS+ authentication services.

Step 1
Command: enable
Description: Enter Administrator mode.

Step 2
Command:
tacacs-server host 10.7.0.22
tacacs-server host 10.7.0.41
tacacs-server host 10.7.0.45
Description: Specify the TACACS+ servers to be used for authentication. For example, specify the TACACS+ servers at 10.7.0.22, 10.7.0.41, and 10.7.0.45 for use by the storage router. Because no port is specified, the authentication requests use the default port 49. The global timeout value is also used.
Like RADIUS servers, TACACS+ servers are accessed in the order in which they are defined (or for a specified server group, in the order they are defined in the group).
See the Cisco SN 5400 Series Storage Router Command Reference for more information about the tacacs-server host command.

Step 3
Command: tacacs-server key tacacs123SN
Description: Configure the global authentication and encryption key to be used for all TACACS+ communications between the SN5428-2 and the TACACS+ servers. For example, set the key to tacacs123SN. This key must match the key used by the TACACS+ daemon.

Local Username Database
Use the commands in the following procedure to configure a local username database.

Step 1
Command: enable
Description: Enter Administrator mode.

Step 2
Command:
username labserver password foo
username labserver2 password foo2
Description: Enter a user name and password for each host requiring authentication prior to access to storage and for each user requiring Monitor mode access to the SN 5428-2 via console, Telnet or SSH management sessions. For example, add the following user name and password combinations:
labserver and foo
labserver2 and foo2
For iSCSI authentication, user name and password pairs must match the CHAP user name and password pairs configured for the iSCSI drivers that require access to storage via the SCSI routing instances that have iSCSI authentication enabled.
If other services are also used (such as RADIUS or TACACS+), these user name and password pairs must also be configured within the databases those services use for authentication purposes.
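
The requirement that local user name and password pairs match the CHAP pairs configured on the iSCSI drivers follows from how CHAP works: the password is never sent, and both sides must compute the same digest from it. The following model of the exchange is an added example, not code from Cisco or from this guide; it assumes the standard RFC 1994 CHAP computation with MD5, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Local username database as configured in Step 2 (values from this page).
LOCAL_USERS = {"labserver": "foo", "labserver2": "foo2"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    data = bytes([identifier]) + secret.encode() + challenge
    return hashlib.md5(data).digest()


def new_challenge():
    """Authenticator side: one-octet identifier plus a random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def verify(users, name, identifier, challenge, response):
    """Authenticator side: recompute the digest from the stored password."""
    secret = users.get(name)
    if secret is None:
        return False  # user name is not in the local database
    expected = chap_response(identifier, secret, challenge)
    # Constant-time comparison of the received and expected digests.
    return hmac.compare_digest(response, expected)


def login(users, name, initiator_secret):
    """One full exchange: challenge out, response back, verification."""
    identifier, challenge = new_challenge()
    # Initiator side: the iSCSI driver answers with its configured secret.
    response = chap_response(identifier, initiator_secret, challenge)
    return verify(users, name, identifier, challenge, response)


if __name__ == "__main__":
    print(login(LOCAL_USERS, "labserver", "foo"))    # pair matches
    print(login(LOCAL_USERS, "labserver", "foo2"))   # right user, other secret
    print(login(LOCAL_USERS, "labserver3", "foo"))   # user not configured
```

Because each challenge is random, a response captured from one exchange does not verify against a later challenge.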