Restrictions For Tacacs - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Restrictions for TACACS+
2 Set an authentication key.
3 Configure the key from Step 2 on the TACACS+ servers.
4 Enable authentication, authorization, and accounting (AAA).
5 Create a login authentication method list.
6 Apply the list to the terminal lines.
7 Create an authorization and accounting method list.
The following are the prerequisites for controlling switch access with TACACS+:
• You must have access to a configured TACACS+ server to configure TACACS+ features on your switch.
• We recommend a redundant connection between a switch stack and the TACACS+ server. This is to
• You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
• To use TACACS+, it must be enabled.
• Authorization must be enabled on the switch to be used.
• Users must first successfully complete TACACS+ authentication before proceeding to TACACS+
• To use any of the AAA commands listed in this section or elsewhere, you must first enable AAA with
• At a minimum, you must identify the host or hosts maintaining the TACACS+ daemon and define the
• The method list defines the types of authentication to be performed and the sequence in which they are
• Use TACACS+ for privileged EXEC access authorization if authentication was performed by using
• Use the local database if authentication was not performed by using TACACS+.
Restrictions for TACACS+
TACACS+ can be enabled only through AAA commands.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
776
Also, you must have access to TACACS+ services maintained in a database on a TACACS+ daemon
typically running on a LINUX or Windows workstation.
help ensure that the TACACS+ server remains accessible in case one of the connected stack members
is removed from the switch stack.
authorization.
the aaa new-model command.
method lists for TACACS+ authentication. You can optionally define method lists for TACACS+
authorization and accounting.
performed; it must be applied to a specific port before any of the defined authentication methods are
performed. The only exception is the default method list (which, by coincidence, is named default). The
default method list is automatically applied to all ports except those that have a named method list
explicitly defined. A defined method list overrides the default method list.
TACACS+.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
