Displaying the TACACS+ Configuration - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex, page 3-22
Chapter 3: Configuring the Switch for the First Time
Controlling Access to Privileged EXEC Commands

To enable TACACS+ accounting for each Cisco IOS privilege level and for network services, perform this task, beginning in privileged EXEC mode:

| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enters global configuration mode. |
| Step 2 | aaa accounting network start-stop tacacs+ | Enables TACACS+ accounting for all network-related service requests. |
| Step 3 | aaa accounting exec start-stop tacacs+ | Enables TACACS+ accounting to send a start-record accounting notice at the beginning of a privileged EXEC process and a stop-record at the end. |
| Step 4 | end | Returns to privileged EXEC mode. |
| Step 5 | show running-config | Verifies your entries. |
| Step 6 | copy running-config startup-config | (Optional) Saves your entries in the configuration file. |

To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global configuration command.

Displaying the TACACS+ Configuration

To display TACACS+ server statistics, use the show tacacs privileged EXEC command.

Encrypting Passwords

Because protocol analyzers can examine packets (and read passwords), you can increase access security by configuring the Cisco IOS software to encrypt passwords. Encryption prevents the password from being readable in the configuration file.

To configure the Cisco IOS software to encrypt passwords, enter this command:

| Command | Purpose |
|---|---|
| Switch(config)# service password-encryption | Encrypts a password. |

Encryption occurs when the current configuration is written or when a password is configured. Password encryption is applied to all passwords, including authentication key passwords, the privileged command password, console and virtual terminal line access passwords, and Border Gateway Protocol (BGP) neighbor passwords. The service password-encryption command keeps unauthorized individuals from viewing your password in your configuration file.

Caution: The service password-encryption command does not provide a high level of network security. If you use this command, you should also take additional network security measures.

Although you cannot recover a lost encrypted password (that is, you cannot get the original password back), you can regain control of the switch after having lost or forgotten the encrypted password. See the "Recovering a Lost Enable Password" section on page 3-25 for more information.
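
An added example, not from the Cisco guide: a small Python audit of the show running-config output from Step 5. It checks that both accounting commands took effect and reports passwords left in cleartext or stored in the type 7 form that service password-encryption writes. The sample configuration is constructed, and accepting the "default ... group tacacs+" spelling next to the page's syntax is an assumption about how the switch echoes the command.

```python
import re

# Constructed `show running-config` excerpt (not from a real switch).
SAMPLE_CONFIG = """\
aaa new-model
aaa accounting exec default start-stop group tacacs+
enable password 7 TYPE7PLACEHOLDER
username ops password 0 CONSTRUCTED-CLEARTEXT
line vty 0 4
 password CONSTRUCTED-CLEARTEXT
router bgp 65000
 neighbor 192.0.2.1 password 7 TYPE7PLACEHOLDER
"""

# Page syntax: "aaa accounting exec start-stop tacacs+"; the optional list
# name and "group" keyword are an assumption about how IOS echoes it.
ACCT = re.compile(r"aaa accounting (network|exec)\s+(?:\S+\s+)?start-stop\s+(?:group\s+)?tacacs\+")
# "password [level N] [type] value" or "tacacs-server key [type] value".
SECRET = re.compile(r"\b(?:password|tacacs-server key)\s+(?:level\s+\d+\s+)?(?:(\d)\s+)?(\S+)\s*$")

def audit(config):
    """Return findings for the accounting and password settings on this page."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "service password-encryption" not in lines:
        findings.append("service password-encryption is not enabled")
    accounted = {m.group(1) for line in lines if (m := ACCT.match(line))}
    for service in ("network", "exec"):
        if service not in accounted:
            findings.append(f"no start-stop TACACS+ accounting for {service}")
    for number, line in enumerate(lines, 1):
        m = SECRET.search(line)
        if not m or line.startswith("no "):
            continue
        kind = m.group(1) or "0"  # no type digit means cleartext
        # Report only the location and type, never the secret itself.
        if kind == "0":
            findings.append(f"line {number}: password stored in cleartext")
        elif kind == "7":
            findings.append(f"line {number}: type 7 password, needs additional protection")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it against a saved copy of the configuration rather than a live session, and treat the saved file itself as sensitive.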
