492 | Security | www.dell.com | support.dell.com

Figure 28-7 shows how to configure access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.

Figure 28-7.

FTOS#
FTOS(conf)#
FTOS(conf)#ip access-list standard deny10
FTOS(conf-std-nacl)#permit 10.0.0.0/8
FTOS(conf-std-nacl)#deny any
FTOS(conf)#
FTOS(conf)#aaa authentication login tacacsmethod tacacs+
FTOS(conf)#aaa authentication exec tacacsauthorization tacacs+
FTOS(conf)#tacacs-server host 25.1.1.2 key FTOS
FTOS(conf)#
FTOS(conf)#line vty 0 9
FTOS(conf-line-vty)#login authentication tacacsmethod
FTOS(conf-line-vty)#authorization exec tacauthor
FTOS(conf-line-vty)#
FTOS(conf-line-vty)#access-class deny10
FTOS(conf-line-vty)#end

Specify a TACACS+ Server Host

When configuring a TACACS+ server host, you can set different communication parameters, such as the key password.

To specify a TACACS+ server host and configure its communication parameters, use the following command in CONFIGURATION mode:

Command Syntax: tacacs-server host {hostname | ip-address} [port port-number] [timeout seconds] [key key]
Command Mode: CONFIGURATION
Purpose: Enter the host name or IP address of the TACACS+ server host. Configure the optional communication parameters for the specific host:
• port port-number range: 0 to 65335. Enter a TCP port number. The default is 49.
• timeout seconds range: 0 to 1000. Default is 10 seconds.
• key key: Enter a string for the key. The key can be up to 42 characters long. This key must match a key configured on the TACACS+ server host. This parameter should be the last parameter configured.
If these optional parameters are not configured, the default global values are applied.

To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, FTOS attempts to connect with them in the order in which they were configured.

To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege mode.
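The following Python check is an added example, not part of the Dell documentation: it parses tacacs-server host lines in the syntax given in the command table and validates them against the limits stated on this page, preserving the order in which FTOS would try the hosts. The sample configuration is constructed, and the function and constant names are hypothetical; it assumes keys appear as plain single-token strings.

```python
import re

# Limits and defaults as stated in the command table on this page.
LIMITS = {"port": (0, 65335), "timeout": (0, 1000)}
MAX_KEY_LEN = 42
DEFAULTS = {"port": 49, "timeout": 10}
HOST_RE = re.compile(r"^tacacs-server host (\S+)(.*)$")

# Constructed sample input (only the first line matches the page's figure).
SAMPLE = """\
tacacs-server host 25.1.1.2 key FTOS
tacacs-server host 25.1.1.3 port 70000 timeout 5
tacacs-server host tac3.example.net key S3cret timeout 20
"""

def parse_hosts(config_text):
    """Return (hosts, findings). hosts keeps configuration order, which is
    the order in which FTOS attempts to connect to the servers."""
    hosts, findings = [], []
    for raw in config_text.splitlines():
        m = HOST_RE.match(raw.strip())
        if not m:
            continue
        name, tokens = m.group(1), m.group(2).split()
        entry = {"host": name, "key": None, **DEFAULTS}
        for i in range(0, len(tokens), 2):
            opt = tokens[i]
            val = tokens[i + 1] if i + 1 < len(tokens) else None
            if opt not in ("port", "timeout", "key") or val is None:
                findings.append((name, f"unparsed option: {opt}"))
                break
            if opt == "key":
                entry["key"] = val
                if len(val) > MAX_KEY_LEN:
                    findings.append((name, "key longer than 42 characters"))
                if i + 2 < len(tokens):
                    findings.append((name, "key is not the last parameter"))
            elif val.isdigit() and LIMITS[opt][0] <= int(val) <= LIMITS[opt][1]:
                entry[opt] = int(val)
            else:
                findings.append((name, f"{opt} out of range: {val}"))
        if entry["key"] is None:
            findings.append((name, "no per-host key; global default applies"))
        hosts.append(entry)
    return hosts, findings

if __name__ == "__main__":
    parsed, issues = parse_hosts(SAMPLE)
    for order, h in enumerate(parsed, 1):
        print(order, h)
    for host, issue in issues:
        print(f"{host}: {issue}")
```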