Establishing A Session With A Router If The Aaa Server Is Unreachable; Displaying The Tacacs+ Configuration; Controlling Switch Access With Radius; Understanding Radius - Cisco Catalyst 2975 Software Configuration Manual

Controlling Switch Access with RADIUS

Establishing a Session with a Router if the AAA Server is Unreachable

The aaa accounting system guarantee-first command guarantees system accounting as the first record,
which is the default condition. In some situations, users might be prevented from starting a session on
the console or terminal connection until after the system reloads, which can take more than 3 minutes.
To establish a console or Telnet session with the router if the AAA server is unreachable when the router
reloads, use the no aaa accounting system guarantee-first command.

Displaying the TACACS+ Configuration

To display TACACS+ server statistics, use the show tacacs privileged EXEC command.
Controlling Switch Access with RADIUS
This section describes how to enable and configure the RADIUS, which provides detailed accounting
information and flexible administrative control over authentication and authorization processes.
RADIUS is facilitated through AAA and can be enabled only through AAA commands.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco
IOS Software > 12.2 Mainline > Command References.
These sections contain this configuration information:
•
•
•
•
•

Understanding RADIUS

RADIUS is a distributed client/server system that secures networks against unauthorized access.
RADIUS clients run on supported Cisco routers and switches. Clients send authentication requests to a
central RADIUS server, which contains all user authentication and network service access information.
The RADIUS host is normally a multiuser system running RADIUS server software from Cisco (Cisco
Secure Access Control Server Version 3.0), Livingston, Merit, Microsoft, or another software provider.
For more information, see the RADIUS server documentation.
We recommend a redundant connection between a switch stack and the RADIUS server. This is to help
Note
ensure that the RADIUS server remains accessible in case one of the connected stack members is
removed from the switch stack.
Catalyst 2975 Switch Software Configuration Guide
9-18
Understanding RADIUS, page 9-18
RADIUS Operation, page 9-20
RADIUS Change of Authorization, page 9-20
Configuring RADIUS, page 9-27
Displaying the RADIUS Configuration, page 9-40
Chapter 9 Configuring Switch-Based Authentication
OL-19720-02