Preventing Unauthorized Access To Your Switch - Cisco Catalyst 2960 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Configuring Switch-Based Authentication
This chapter describes how to configure switch-based authentication on the Catalyst 2960, 2960-S, or
2960-C switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch
stack.
Stacking is supported only on Catalyst 2960-S switches running the LAN base image.
Note
This chapter consists of these sections:
•
•
•
•
•
•
•
•
Preventing Unauthorized Access to Your Switch
You can prevent unauthorized users from reconfiguring your switch and viewing configuration
information. Typically, you want network administrators to have access to your switch while you restrict
access to users who dial from outside the network through an asynchronous port, connect from outside
the network through a serial port, or connect through a terminal or workstation from within the local
network.
To prevent unauthorized access into your switch, you should configure one or more of these security
features:
•
•
OL-26520-01
Preventing Unauthorized Access to Your Switch, page 9-1
Protecting Access to Privileged EXEC Commands, page 9-2
Controlling Switch Access with TACACS+, page 9-10
Controlling Switch Access with RADIUS, page 9-17
Configuring the Switch for Local Authentication and Authorization, page 9-41
Configuring the Switch for Secure Shell, page 9-42
Configuring the Switch for Secure Socket Layer HTTP, page 9-46
Configuring the Switch for Secure Copy Protocol, page 9-52
At a minimum, you should configure passwords and privileges at each switch port. These passwords
are locally stored on the switch. When users attempt to access the switch through a port or line, they
must enter the password specified for the port or line before they can access the switch. For more
information, see the
"Protecting Access to Privileged EXEC Commands" section on page
For an additional layer of security, you can also configure username and password pairs, which are
locally stored on the switch. These pairs are assigned to lines or ports and authenticate each user
before that user can access the switch. If you have defined privilege levels, you can also assign a
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
9
C H A P T E R
9-2.
9-1
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
