Configuring Security
Configuring TACACS+
STEP 5
NOTE
Configuring TACACS+
Cisco 500 Series Stackable Managed Switch Administration Guide
•
Minimal Password Length—Enter the minimal number of characters
required for passwords.
A zero-length password (no password) is allowed, and can still have
NOTE
password aging assigned to it.
•
Minimal Number of Character Classes—Enter the number of character
classes which must be present in a password. Character classes are lower
case (1), upper case (2), digits (3), and symbols or special characters (4).
•
The New Password Must Be Different than the Current One—If selected,
the new password cannot be the same as the current password upon a
password change.
Click Apply. The password settings are written to the Running Configuration file.
Configuring the allowed number of character repetitions, username-password
equivalence, and manufacturer-password equivalence may be done through the
CLI. See the CLI guide for further instruction.
The switch is a Terminal Access Controller Access Control System (TACACS+)
client that can use a TACACS+ server to provide centralized security.
TACACS+ provides the following services:
•
Authentication—Provides authentication of administrators logging onto the
switch by using usernames and user-defined passwords.
•
Authorization—Performed at login. After the authentication session is
completed, an authorization session starts using the authenticated
username. The TACACS+ server then checks user privileges.
The TACACS+ protocol ensures network integrity, through encrypted protocol
exchanges between the device and the TACACS+ server.
TACACS+ is supported only with IPv4.
TACACS+ servers cannot be used as 802. 1 X authentication servers to verify
credentials of network users trying to join the networks through the switch.
18
301