Table of Contents
Advertisement
Configuring TACACS+
Starting TACACS+ Accounting
You use the aaa accounting command with the tacacs+ keyword to turn on TACACS+ accounting for
each Cisco IOS privilege level and for network services.
Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting:
Command
Step 1
configure terminal
Step 2
aaa accounting exec start-stop
tacacs+
Step 3
aaa accounting network start-stop
tacacs+
Step 4
exit
Configuring a Switch for Local AAA
You can configure AAA to operate without a server by setting the switch to implement AAA in local
mode. The switch then verifies authentication and authorization. No accounting is available in this
configuration.
Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA:
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication login default
local
Step 4
aaa authorization exec local
Step 5
aaa authorization network local
Step 6
username name privilege level
password password
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
6-54
Purpose
Enter global configuration mode.
Enable TACACS+ accounting to send a start-record accounting notice at the
beginning of an EXEC process and a stop-record at the end.
Enable TACACS+ accounting for all network-related service requests,
including SLIP, PPP, and PPP NCPs.
Return to privileged EXEC mode.
Purpose
Enter global configuration mode.
Enable AAA.
Set the login authorization to default to local.
Configure user AAA authorization for all network-related service requests.
Configure user AAA authorization to determine if the user is allowed to run
an EXEC shell.
Enter the local database.
Repeat this command for each user.
Chapter 6
Configuring the System
78-6511-08
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
