Cisco 4700M Configuration Manual page 103

Application control engine appliance security

Chapter 2
Configuring Authentication and Accounting Services
Setting the Global Preshared Key
OL-16202-01
Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
timeout seconds—(Optional) By default, the ACE waits 1 second for the
TACACS+ server to reply to an authentication request before it declares a
timeout failure and attempts to contact the next server in the group. If all
servers in the group are unavailable for authentication and accounting, the
ACE tries the local database if you configured it as a local fallback method
using the aaa authentication login or the aaa accounting default command.
Use the timeout keyword to change the time interval that the ACE waits for
the TACACS+ server to reply to an authentication request. Valid entries are
from 1 to 60 seconds. The default is 1 second. For the specified server, this
command overrides the global setting that was assigned by using the
tacacs-server timeout command.
For example, to configure TACACS+ server authentication parameters, enter:
host1/Admin(config)# tacacs-server host 192.168.3.2 key HostKey
host1/Admin(config)# tacacs-server host 192.168.3.2 port 1645
host1/Admin(config)# tacacs-server host 192.168.3.2 timeout 5
To remove the TACACS+ server from the configuration, enter:
host1/Admin(config)# no tacacs-server host 192.168.3.2 key HostKey
You can globally configure an authentication key for communication between the
ACE and the TACACS+ daemon that runs on each TACACS+ server by using the
tacacs-server key command. The key is a text string that must match the
encryption key used on the TACACS+ server. TACACS+ keys are always stored
in encrypted form in persistent storage on the ACE. This global key is applied to
those TACACS+ servers in a named server group for which a shared secret is not
individually configured by the tacacs-server host command.
The syntax of this command is as follows:
tacacs-server key shared_secret | 0 shared_secret | 7 shared_secret
The arguments and keywords are as follows:
shared_secret—Key used to authenticate communication between the
TACACS+ client and server. The shared secret must match the one configured
on the TACACS+ server. Enter the shared secret as a case-sensitive string
of up to 63 alphanumeric characters with no spaces. To include spaces,
enclose the entire key in quotation marks (for example, "my key").
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
2-33
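The override rules described above (a per-host timeout or key set with tacacs-server host takes precedence over the global tacacs-server timeout and tacacs-server key settings) can be checked offline against a saved configuration. The following Python script is an added example, not part of the Cisco guide; the function name, the report fields and the sample configuration are assumptions constructed for illustration.

```python
import shlex

DEFAULT_TIMEOUT = 1  # seconds, the default stated in the text above

# Constructed sample in running-config style (not taken from a real device).
SAMPLE_CONFIG = '''
tacacs-server key "my key"
tacacs-server timeout 3
tacacs-server host 192.168.3.2 key HostKey
tacacs-server host 192.168.3.2 port 1645
tacacs-server host 192.168.3.2 timeout 5
tacacs-server host 192.168.3.3 timeout 90
'''

def effective_tacacs_settings(config_text):
    """Resolve each host's key source and timeout; the secret is never echoed."""
    global_key, global_timeout, hosts = None, None, {}
    for raw in config_text.splitlines():
        tok = shlex.split(raw)  # keeps a quoted key such as "my key" as one token
        if tok[:1] != ["tacacs-server"] or len(tok) < 3:
            continue
        if tok[1] == "key":  # an optional 0 or 7 keyword may precede the secret
            global_key = tok[3] if tok[2] in ("0", "7") and len(tok) > 3 else tok[2]
        elif tok[1] == "timeout":
            global_timeout = int(tok[2])
        elif tok[1] == "host":
            opts, args, i = hosts.setdefault(tok[2], {}), tok[3:], 0
            while i + 1 < len(args):
                typed = args[i] == "key" and args[i + 1] in ("0", "7") and i + 2 < len(args)
                skip = 3 if typed else 2  # skip the 0/7 keyword when present
                opts[args[i]] = args[i + skip - 1]
                i += skip
    report = {}
    for host, opts in hosts.items():
        key = opts.get("key", global_key)  # per-host key overrides the global key
        fallback = DEFAULT_TIMEOUT if global_timeout is None else global_timeout
        timeout = int(opts.get("timeout", fallback))
        findings = []
        if key is None:
            findings.append("no per-host or global key")
        elif len(key) > 63:
            findings.append("key longer than 63 characters")
        if not 1 <= timeout <= 60:
            findings.append("timeout outside 1-60 seconds")
        source = "host" if "key" in opts else ("global" if global_key is not None else None)
        report[host] = {"key_source": source, "timeout": timeout, "findings": findings}
    return report

if __name__ == "__main__":
    print(effective_tacacs_settings(SAMPLE_CONFIG))
```

The report names only where each key comes from, so it can be shared in a review without exposing the shared secret.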


This manual is also suitable for:

4700 series
