Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services - Cisco Catalyst 3750-X Software Configuration Manual

Hide thumbs Also See for Catalyst 3750-X:

Command reference manual (1244 pages)

Message manual (150 pages)

Getting started manual (22 pages)

Table of Contents

Controlling Switch Access with TACACS+

To secure the switch for HTTP access by using AAA methods, you must configure the switch with the

ip http authentication aaa global configuration command. Configuring AAA authentication does not

secure the switch for HTTP access by using AAA methods.

For more information about the ip http authentication command, see the Cisco IOS Security Command

Reference, Release 12.2.

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services

AAA authorization limits the services available to a user. When AAA authorization is enabled, the

switch uses information retrieved from the user's profile, which is located either in the local user

database or on the security server, to configure the user's session. The user is granted access to a

requested service only if the information in the user profile allows it.

You can use the aaa authorization global configuration command with the tacacs+ keyword to set

parameters that restrict a user's network access to privileged EXEC mode.

The aaa authorization exec tacacs+ local command sets these authorization parameters:

Authorization is bypassed for authenticated users who log in through the CLI even if authorization has

been configured.

Beginning in privileged EXEC mode, follow these steps to specify TACACS+ authorization for

privileged EXEC access and network services:

configure terminal

aaa authorization network tacacs+

aaa authorization exec tacacs+

show running-config

copy running-config startup-config

To disable authorization, use the no aaa authorization {network | exec} method1 global configuration

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

Use TACACS+ for privileged EXEC access authorization if authentication was performed by using

Use the local database if authentication was not performed by using TACACS+.

Enter global configuration mode.

Configure the switch for user TACACS+ authorization for all

network-related service requests.

Configure the switch for user TACACS+ authorization if the user has

privileged EXEC access.

The exec keyword might return user profile information (such as

autocommand information).

Return to privileged EXEC mode.

Verify your entries.

(Optional) Save your entries in the configuration file.

Configuring Switch-Based Authentication

Show Quick Links

Table of Contents

Troubleshooting

Catalyst 3560-x

Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services - Cisco Catalyst 3750-X Software Configuration Manual

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services

Hide quick links:

Troubleshooting

Related Manuals for Cisco Catalyst 3750-X

Related Content for Cisco Catalyst 3750-X

This manual is also suitable for:

Table of Contents