Controlling Switch Access With Tacacs+ - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 3
Configuring the Switch for the First Time
For information on how to display the password or access level configuration, see the
Password, Access Level, and Privilege Level Configuration" section on page
Controlling Switch Access with TACACS+
This section describes how to enable and configure TACACS+, which provides detailed accounting
information and flexible administrative control over authentication and authorization processes.
TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled
only through AAA commands.
For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Note
Security Command Reference, Release 12.2.
This section contains the following configuration information:
•
•
•
•
Understanding TACACS+
TACACS+ is a security application that provides centralized validation of users attempting to gain access
to your switch. TACACS+ services are maintained in a database on a TACACS+ daemon typically
running on a UNIX or Windows NT workstation. You should have access to and should configure a
TACACS+ server before configuring TACACS+ features on your switch.
TACACS+ provides for separate and modular AAA facilities. TACACS+ allows for a single access
control server (the TACACS+ daemon) to provide each service—authentication, authorization, and
accounting—independently. Each service can be locked into its own database to take advantage of other
services available on that server or on the network, depending on the capabilities of the daemon.
The goal of TACACS+ is to provide a method for managing multiple network access points from a single
management service. Your switch can be a network access server along with other Cisco routers and
access servers. A network access server provides connections to a single user, to a network or
subnetwork, and to interconnected networks as shown in
OL-30933-01
Understanding TACACS+, page 3-15
TACACS+ Operation, page 3-17
Configuring TACACS+, page 3-17
Displaying the TACACS+ Configuration, page 3-22
Controlling Access to Privileged EXEC Commands
Figure
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
"Displaying the
3-24.
3-4.
3-15
Advertisement
Chapters
Table of Contents
Troubleshooting
