Specifying Tacacs+ Authorization For Exec Access And Network Services - Cisco WS-C2950-24 Configuration Manual
Software configuration guide
Hide thumbs
Also See for WS-C2950-24:
- Installation manual (220 pages) ,
- Hardware installation manual (156 pages) ,
- Datasheet (19 pages)
Table of Contents
Advertisement
Chapter 6
Configuring the System
Specifying TACACS+ Authorization for EXEC Access and
Network Services
Note
78-6511-05
To create a default list that is used if no list is specified in the login
authentication line configuration command, use the default keyword followed
by the methods you want used in default situations.
The additional methods of authentication are used only if the previous method
returns an error, not if it fails. To specify that the authentication succeed even if
all methods return an error, specify none as the final method in the command line.
You can use the aaa authorization global configuration command with the
tacacs+ keyword to set parameters that restrict a user's network access to Cisco
IOS privilege mode (EXEC access) and to network services such as Serial Line
Internet Protocol (SLIP), Point-to-Point Protocol (PPP) with Network Control
Protocols (NCPs), and AppleTalk Remote Access (ARA).
The aaa authorization exec tacacs+ local command sets the following
authorization parameters:
Uses TACACS+ for EXEC access authorization if authentication was done
•
using TACACS+.
Uses the local database if authentication was not done using TACACS+.
•
Authorization is bypassed for authenticated users who login through the CLI
even if authorization has been configured.
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
Configuring TACACS+
6-65
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
