-
Cisco SN 5400 Series Storage Router Command Reference, Release 3.4
-
About This Guide
-
Chapter 1 - CLI Overview
-
Chapter 2 - A Commands
-
Chapter 3 - C Commands
-
Chapter 4 - D Commands
-
Chapter 5 - E Commands
-
Chapter 6 - F Commands
-
Chapter 7 - H Commands
-
Chapter 8 - I Commands
-
Chapter 9 - L Commands
-
Chapter 10 - M Commands
-
Chapter 11 - N Commands
-
Chapter 12 - P Commands
-
Chapter 13 - R Commands
-
Chapter 14 - S Commands
-
Chapter 15 - Show Commands
-
Chapter 16 - T Commands
-
Chapter 17 - U Commands
-
Chapter 18 - V Commands
-
Chapter 19 - Z Commands
-
Table Of Contents
T Commands
This chapter covers the following commands:
tacacs-server host
To specify a TACACS+ server to be used for AAA authentication services, use the tacacs-server host command. Use the no form of this command to delete the specified host.
tacacs-server host ip-address [auth-port port-number] [timeout seconds] [key key-string]
no tacacs-server host ip-address [auth-port nn]
Syntax Description
Defaults
No TACACS+ server is specified.
Command Modes
Administrator.
Command History
2.2.1
This command was introduced for the SN 5428.
3.2.1
This command was introduced for the SN 5428-2.
Usage Guidelines
AAA authentication services are used to provide iSCSI authentication for IP hosts requesting access to storage resources.
•
You can use multiple tacacs-server host commands to specify multiple TACACS+ servers. The software searches for servers in the order in which you specify them.
•
•
Use the aaa group server tacacs+ server command to add a TACACS+ server to a server group. If you delete a TACACS+ server, delete the server from the TACACS+ server using the no aaa group server tacacs+ server command.
Note
Examples
The following example specifies the server with IP address 172.29.39.46 as the TACACS+ server and uses the default port for authentication:
[SN5428-2A]# tacacs-server host 172.29.39.46The following example specifies port 52 as the destination port for authentication requests on the TACACS+ server 172.29.39.46:
[SN5428-2A]# tacacs-server host 172.29.39.46 auth-port 52The following example specifies the server with IP address 172.29.39.46 as the TACACS server, uses ports 52 as the authorization port, sets the timeout value to 6, and sets tac123 as the encryption key, matching the key on the TACACS+ server:
[SN5428-2A]# tacacs-server host 172.29.39.46 auth-port 52 timeout 6 key tac123Related Commands
tacacs-server key
To set the authentication and encryption key used for all TACACS+ communications between the storage router and the TACACS+ daemon, use the tacacs-server key command. To disable the key, use the no form of this command.
tacacs-server key key-string
no tacacs-server key
Syntax Description
key-string
The authentication and encryption key string to be used for all TACACS+ communications, in unencrypted text. If spaces are part of the key string, enclose the string in quotation marks.
Defaults
None.
Command Modes
Administrator.
Command History
2.2.1
This command was introduced for the SN 5428.
3.2.1
This command was introduced for the SN 5428-2.
Usage Guidelines
After using the aaa authentication iscsi command to configure the iSCSI authentication list to use TACACS+ authentication services, use the tacacs-server key command to set the global authentication and encryption key. The key entered as part of the command must match the key used on the TACACS+ daemon. If spaces are part of the key string, enclose the key string in quotation marks.
To override the global key for a specific TACACS+ server, use the tacacs-server host command with the key keyword.
Examples
The following example sets the global authentication and encryption key to my TACACS key string:
[SN5428-2A]# radius-server key "my TACACS key string"Related Commands
tacacs-server timeout
To set the global interval that the storage router waits for a TACACS+ server to reply, use the tacacs-server timeout command.To restore the default, use the no form of this command.
tacacs-server timeout seconds
no tacacs-server timeout
Syntax Description
seconds
The global timeout value, in seconds. Enter a value in the range of 1 to 1000. The default is 5.
Defaults
The timeout value defaults to five seconds.
Command Modes
Administrator.
Command History
2.2.1
This command was introduced for the SN 5428.
3.2.1
This command was introduced for the SN 5428-2.
Usage Guidelines
Use this command to set the number of seconds the storage router waits for a TACACS+ server to reply before timing out.
To override the global timeout value for a specific TACACS+ server, use the tacacs-server host command with the timeout keyword.
Examples
The following example sets the global timeout value to 10. You may want to increase the timeout value if you have network problems or if TACACS+ servers are slow to respond, causing persistent timeouts when a lower timeout value is used.
[SN5428-2A]# tacacs-server timeout 10Related Commands
telnet enable
To enable Telnet for the storage router and to start the Telnet server, use the telnet enable command. To disable Telnet and stop the Telnet server, use the no form of this command.
telnet enable
no telnet enable
Syntax Description
This command has no arguments or keywords.
Defaults
Telnet is enabled and the Telnet server is started by default.
Command Modes
Administrator.
Command History
2.5.1
This command was introduced for the SN 5428.
3.2.1
This command was introduced for the SN 5428-2.
Usage Guidelines
Use this command to enable Telnet for the storage router and start the Telnet server.
If Telnet is enabled and the Telnet server is running, you can still restrict Telnet access to the storage router for specific interfaces by using the restrict command.
Examples
The following example disables Telnet and stops the Telnet server:
[SN5428-2A]# no telnet enableThe following example enables Telnet and starts the Telnet server:
[SN5428-2A]# telnet enableRelated Commands
Secure access to storage router interfaces by communications protocols and services.
Display the status of the Telnet server.
