Planning a Switch Cluster
TACACS+ and RADIUS
Inconsistent authentication configurations in switch clusters cause CMS to continually prompt for a user
name and password. If TACACS+ is configured on a cluster member, it must be configured on all cluster
members. Similarly, if RADIUS is configured on a cluster member, it must be configured on all cluster
members. Further, the same switch cluster cannot have some members configured with TACACS+ and
other members configured with RADIUS.
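The two rules above can be checked offline against saved member configurations. The following is an added example, not code from the Cisco guide: it flags a protocol that is configured on some members but not all, and a cluster that mixes TACACS+ and RADIUS. The hostnames, addresses and config excerpts are constructed, and treating a `tacacs-server host` / `radius-server host` line or a `group tacacs+` / `group radius` method list as "configured" is an assumption of this example.

```python
import re

# Constructed running-config excerpts for three cluster members (sample data,
# not taken from the guide; hostnames and addresses are hypothetical).
SAMPLE_CONFIGS = {
    "cmd-switch": "aaa new-model\n"
                  "aaa authentication login default group tacacs+ local\n"
                  "tacacs-server host 192.0.2.10\n",
    "member-1":   "aaa new-model\n"
                  "aaa authentication login default group tacacs+ local\n"
                  "tacacs-server host 192.0.2.10\n",
    "member-2":   "aaa new-model\n"
                  "aaa authentication login default group radius local\n"
                  "radius-server host 192.0.2.20\n",
}

# Assumption: a member "uses" a protocol if it defines a server for it or
# references that server group in an AAA method list.
PATTERNS = {
    "tacacs+": re.compile(r"^(tacacs-server host |aaa \S+ .*\bgroup tacacs\+)", re.M),
    "radius": re.compile(r"^(radius-server host |aaa \S+ .*\bgroup radius\b)", re.M),
}


def aaa_protocols(config):
    """Return the set of AAA protocols referenced in one member's config."""
    return {name for name, rx in PATTERNS.items() if rx.search(config)}


def audit_cluster(configs):
    """Return findings for the cluster-wide consistency rules."""
    per_member = {host: aaa_protocols(cfg) for host, cfg in configs.items()}
    in_use = set().union(*per_member.values())
    findings = []
    # Rule: one cluster cannot mix TACACS+ members and RADIUS members.
    if len(in_use) > 1:
        findings.append("MIXED: cluster uses both " + " and ".join(sorted(in_use)))
    # Rule: a protocol configured on any member must be configured on all.
    for proto in sorted(in_use):
        missing = sorted(h for h, p in per_member.items() if proto not in p)
        if missing:
            findings.append(f"MISSING {proto}: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for line in audit_cluster(SAMPLE_CONFIGS):
        print(line)
```

An empty result means every member references the same single protocol, or none does.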
For more information about TACACS+, see the "Controlling Switch Access with TACACS+" section on
page 9-10. For more information about RADIUS, see the "Controlling Switch Access with RADIUS"
section on page 9-18.
Access Modes in CMS
CMS provides two levels of access to the configuration options: read-write access and read-only access.
Privilege levels 0 to 15 are supported.
• Privilege level 15 provides you with read-write access to CMS.
• Privilege levels 1 to 14 provide you with read-only access to CMS. Any options in the CMS
  windows, menu bar, toolbar, and popup menus that change the switch or cluster configuration are
  not shown in read-only mode.
• Privilege level 0 denies access to CMS.
For more information about CMS access modes, see the "Privilege Levels" section on page 4-7.
Note
• If your cluster has these member switches running earlier software releases and if you have
  read-only access to these member switches, some configuration windows for those switches display
  incomplete information:
  – Catalyst 2900 XL or Catalyst 3500 XL member switches running Cisco IOS
    Release 12.0(5)WC2 or earlier
  – Non-LRE Catalyst 2950 member switches running Cisco IOS Release 12.0(5)WC2 or earlier
  – Catalyst 3550 member switches running Cisco IOS Release 12.1(6)EA1 or earlier
  For more information about this limitation, refer to the release notes.
• These switches do not support read-only mode on CMS:
  – Catalyst 1900 and Catalyst 2820
  – Catalyst 2900 XL switches with 4-MB CPU DRAM
  In read-only mode, these switches appear as unavailable devices and cannot be configured from
  CMS.
Management VLAN
Communication with the switch management interfaces is through the command-switch IP address. The
IP address is associated with the management VLAN, which by default is VLAN 1. To manage switches
in a cluster, the command switch, member switches, and candidate switches must be connected through
ports assigned to the command-switch management VLAN.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-10
Chapter 7: Clustering Switches