90 BigIron RX Series Configuration Guide53-1002253-01Configuring TACACS and TACACS+ security4When you display the configuration of the device, the TACACS+ keys are encrypted.BigIron RX(config)# tacacs-server key 1 abcBigIron RX(config)# write terminal...tacacs-server host 1.2.3.5 auth-port 49tacacs key 1 $!2dNOTEEncryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1parameter is not required; it is provided for backwards compatibility.Setting the retransmission limitThe retransmit parameter specifies how many times the device will resend an authenticationrequest when the TACACS and TACACS+ server does not respond. The retransmit limit can be from1 – 5 times. The default is 3 times.To set the TACACS and TACACS+ retransmit limit, enter the following command.BigIron RX(config)# tacacs-server retransmit 5Syntax: tacacs-server retransmit Setting the dead time parameterThe dead-time parameter specifies how long the device waits for the primary authentication serverto reply before deciding the server is dead and trying to authenticate using the next server. Thedead-time value can be from 1 – 5 seconds. The default is 3 seconds.To set the TACACS and TACACS+ dead-time value, enter the following command.BigIron RX(config)# tacacs-server dead-time 5Syntax: tacacs-server dead-time Setting the timeout parameterThe timeout parameter specifies how many seconds the Brocade device waits for a response fromthe TACACS and TACACS+ server before either retrying the authentication request, or determiningthat the TACACS and TACACS+ server is unavailable and moving on to the next authenticationmethod in the authentication-method list. The timeout can be from 1 – 15 seconds. The default is3 seconds.BigIron RX(config)# tacacs-server timeout 5Syntax: tacacs-server timeout Configuring authentication-method lists for TACACSand TACACS+You can use TACACS and TACACS+ to authenticate Telnet/SSH access and access to PrivilegedEXEC level and CONFIG levels of the CLI. When configuring TACACS and TACACS+ authentication,you create authentication-method lists specifically for these access methods, specifying TACACSand TACACS+ as the primary authentication method.