Example: Configuring Per Vrf For Tacacs Servers - Cisco Catalyst 2960 series Configuration Manual

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

Configuration Examples for TACACS+
aaa new-model
aaa authentication ppp MIS-access if-needed group tacacs+ local
tacacs-server host 10.1.2.3
tacacs-server key goaway
interface serial 0
 ppp authentication pap MIS-access
The lines in the preceding sample configuration are defined as follows:
• The aaa new-model command enables the AAA security services.
• The aaa authentication command defines a method list, "MIS-access," to be used on serial interfaces
running PPP. The method list, "MIS-access," means that PPP authentication is applied to all interfaces.
The if-needed keyword means that if the user has already authenticated by going through the ASCII
login procedure, then PPP authentication is not necessary and can be skipped. If authentication is needed,
the keyword group tacacs+ means that authentication will be done through TACACS+. If TACACS+
returns an ERROR of some sort during authentication, the keyword local indicates that authentication
will be attempted using the local database on the network access server.
• The tacacs-server host command identifies the TACACS+ daemon as having an IP address of 10.1.2.3.
The tacacs-server key command defines the shared encryption key to be "goaway."
• The interface command selects the line, and the ppp authentication command applies the default
method list to this line.
The following example shows the configuration for a TACACS+ daemon with an IP address of 10.2.3.4 and
an encryption key of "apple":
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 10.2.3.4
tacacs-server key apple
The lines in the preceding sample configuration are defined as follows:
• The aaa new-model command enables the AAA security services.
• The aaa authentication command defines the default method list. Incoming ASCII logins on all interfaces
(by default) will use TACACS+ for authentication. If no TACACS+ server responds, then the network
access server will use the information contained in the local username database for authentication.
• The tacacs-server host command identifies the TACACS+ daemon as having an IP address of 10.2.3.4.
The tacacs-server key command defines the shared encryption key to be "apple."

Example: Configuring Per VRF for TACACS Servers

The following output example shows that the group server tacacs1 is configured for per VRF AAA services:
aaa group server tacacs+ tacacs1
 server-private 10.1.1.1 port 19 key cisco
 ip vrf forwarding cisco
 ip tacacs source-interface Loopback0
ip vrf cisco
 rd 100:1
interface Loopback0
 ip vrf forwarding cisco
 ip address 10.0.0.2 255.0.0.0
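
The following Python audit is an added example, not part of the Cisco guide. It parses a saved configuration and checks each per-VRF TACACS+ server group for the consistency the example above exhibits: the VRF is defined, the source interface sits in that VRF, and no server-private key is stored in cleartext. The function names, the sample text and the rule that a key preceded by type 6 or 7 counts as not cleartext are assumptions of this example.

```python
import re

# Constructed sample: the per-VRF example from this page, indented as a saved config.
SAMPLE = """\
aaa group server tacacs+ tacacs1
 server-private 10.1.1.1 port 19 key cisco
 ip vrf forwarding cisco
 ip tacacs source-interface Loopback0
ip vrf cisco
 rd 100:1
interface Loopback0
 ip vrf forwarding cisco
 ip address 10.0.0.2 255.0.0.0
"""

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current is not None:
            blocks[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def first(lines, pattern):
    """Return group 1 of the first line that fully matches pattern, else None."""
    return next((m.group(1) for m in (re.fullmatch(pattern, l) for l in lines) if m), None)

def audit_per_vrf_tacacs(config):
    """Return a list of findings for TACACS+ server groups bound to a VRF."""
    blocks, findings = parse_blocks(config), []
    for header, body in blocks.items():
        grp = re.fullmatch(r"aaa group server tacacs\+ (\S+)", header)
        vrf = first(body, r"ip vrf forwarding (\S+)")
        if not grp or vrf is None:
            continue  # not a TACACS+ group, or a group that is not per-VRF
        if f"ip vrf {vrf}" not in blocks:
            findings.append(f"{grp[1]}: VRF {vrf} is not defined")
        src = first(body, r"ip tacacs source-interface (\S+)")
        src_vrf = first(blocks.get(f"interface {src}", []), r"ip vrf forwarding (\S+)")
        if src and src_vrf != vrf:  # assumption: source interface belongs in the group's VRF
            findings.append(f"{grp[1]}: {src} is in VRF {src_vrf or 'global'}, group uses {vrf}")
        for l in body:  # assumption: "key 6 ..." / "key 7 ..." means the key is not cleartext
            if re.fullmatch(r"server-private \S+ .*\bkey (?![67] )\S+", l):
                findings.append(f"{grp[1]}: cleartext key for {l.split()[1]}")
    return findings
```

Run against the page's example, the only finding is the cleartext key `cisco` on the private server entry.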