Controlling Switch Access With Tacacs; Understanding Tacacs - Cisco Catalyst 2960 Software Configuration Manual

Controlling Switch Access with TACACS+

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE (OL-26520-01)
Chapter 9: Configuring Switch-Based Authentication

This section describes how to enable and configure Terminal Access Controller Access Control System
Plus (TACACS+), which provides detailed accounting information and flexible administrative control
over authentication and authorization processes. TACACS+ is facilitated through authentication,
authorization, accounting (AAA) and can be enabled only through AAA commands.

Beginning with Cisco IOS Release 12.2(58)SE, the switch supports TACACS+ for IPv6. Information is
in the "TACACS+ Over an IPv6 Transport" section of the "Implementing ADSL for IPv6" chapter in the
Cisco IOS XE IPv6 Configuration Guide, Release 2.
For information about configuring this feature, see the "Configuring TACACS+ over IPv6" section of
the "Implementing ADSL for IPv6" chapter in the Cisco IOS XE IPv6 Configuration Guide, Release 2.

Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Security Command Reference, Release 12.4 and the Cisco IOS IPv6 Command Reference.

These sections contain this configuration information:
Understanding TACACS+
TACACS+ Operation
Configuring TACACS+
Displaying the TACACS+ Configuration

Understanding TACACS+

TACACS+ is a security application that provides centralized validation of users attempting to gain access
to your switch. TACACS+ services are maintained in a database on a TACACS+ daemon typically
running on a UNIX or Windows NT workstation. You should have access to and should configure a
TACACS+ server before configuring TACACS+ features on your switch.

Note: We recommend a redundant connection between a switch stack and the TACACS+ server. This is to help
ensure that the TACACS+ server remains accessible in case one of the connected stack members is
removed from the switch stack.

TACACS+ provides for separate and modular authentication, authorization, and accounting facilities.
TACACS+ allows for a single access control server (the TACACS+ daemon) to provide each
service (authentication, authorization, and accounting) independently. Each service can be tied into its
own database to take advantage of other services available on that server or on the network, depending
on the capabilities of the daemon.

The goal of TACACS+ is to provide a method for managing multiple network access points from a single
management service. Your switch can be a network access server along with other Cisco routers and
access servers. A network access server provides connections to a single user, to a network or
subnetwork, and to interconnected networks as shown in Figure 9-1.
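
Because authentication, authorization, and accounting are provided independently and TACACS+ can be enabled only through AAA commands, a switch can end up with only some of the three services pointed at the TACACS+ server. The following added example (not from the Cisco manual) audits running-config text and reports each service separately; the sample configuration, the address 192.0.2.10, the placeholder key and the function names `audit_tacacs` and `findings` are constructed for illustration, and named server groups are not resolved.

```python
import re

# Constructed sample running-config, not taken from the manual.
# 192.0.2.10 is a documentation address; the key is a placeholder.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-PLACEHOLDER
line vty 0 15
 login authentication default
"""

SERVICES = ("authentication", "authorization", "accounting")

def audit_tacacs(config):
    """Summarise AAA/TACACS+ state from IOS running-config text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    report = {
        # TACACS+ can be enabled only through AAA, so AAA must be on.
        "aaa_enabled": "aaa new-model" in lines,
        "servers": [ln.split()[2] for ln in lines
                    if re.match(r"tacacs-server host \S+", ln)],
    }
    for svc in SERVICES:
        # Each service is configured independently: look for a method
        # list of this service that names the built-in tacacs+ group.
        report[svc] = any(
            ln.startswith(f"aaa {svc} ")
            and re.search(r"group tacacs\+(\s|$)", ln) is not None
            for ln in lines
        )
    return report

def findings(report):
    """Turn the report into a list of human-readable gaps."""
    out = []
    if not report["aaa_enabled"]:
        out.append("aaa new-model missing: TACACS+ cannot be enabled")
    if not report["servers"]:
        out.append("no tacacs-server host defined")
    out += [f"{svc} is not handled by TACACS+"
            for svc in SERVICES if not report[svc]]
    return out

if __name__ == "__main__":
    for gap in findings(audit_tacacs(SAMPLE_CONFIG)):
        print(gap)
```

On the constructed sample, the only gap reported is that authorization is not handled by TACACS+, even though authentication and accounting are.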
