TACACS+ Configuration Options - Cisco Catalyst 2960 series Configuration Manual

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

Information About TACACS+
DETAILED STEPS

Step 1
Command or Action: Device> enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.

Step 2
Command or Action: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: Device(config)# aaa dnis map enable
Purpose: Enables DNIS mapping.

Step 4
Command or Action: Router(config)# aaa dnis map dnis-number authentication ppp group server-group-name
Purpose: Maps a DNIS number to a defined AAA server group; the servers in this server group are being used for authentication.

Step 5
Command or Action: Router(config)# aaa dnis map dnis-number accounting network [none | start-stop | stop-only] group server-group-name
Purpose: Maps a DNIS number to a defined AAA server group; the servers in this server group are being used for accounting.

TACACS+ Configuration Options

You can configure the switch to use a single server or AAA server groups to group existing server hosts for
authentication. You can group servers to select a subset of the configured server hosts and use them for a
particular service. The server group is used with a global server-host list and contains the list of IP addresses
of the selected server hosts.

TACACS+ Login Authentication

A method list describes the sequence and authentication methods to be queried to authenticate a user. You
can designate one or more security protocols to be used for authentication, thus ensuring a backup system for
authentication in case the initial method fails. The software uses the first method listed to authenticate users;
if that method fails to respond, the software selects the next authentication method in the method list. This
process continues until there is successful communication with a listed authentication method or until all
defined methods are exhausted. If authentication fails at any point in this cycle—meaning that the security
server or local username database responds by denying the user access—the authentication process stops, and
no other authentication methods are attempted.

TACACS+ Authorization for Privileged EXEC Access and Network Services

AAA authorization limits the services available to a user. When AAA authorization is enabled, the switch
uses information retrieved from the user's profile, which is located either in the local user database or on the
security server, to configure the user's session. The user is granted access to a requested service only if the
information in the user profile allows it.
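
The method-list behaviour described under TACACS+ Login Authentication can be modelled in a few lines of Python. This is an added example, not Cisco code and not part of the original guide; the function names, the constructed accounts and the two-entry list (a TACACS+ group first, then the local database) are assumptions made for illustration.

```python
from enum import Enum

class Reply(Enum):
    PASS = "pass"                # method answered and accepted the user
    FAIL = "fail"                # method answered and denied the user
    NO_RESPONSE = "no-response"  # method never answered (server down, timeout)

def evaluate_method_list(methods, username, password):
    """Walk (name, check) pairs in order; return (granted, decided_by, trace)."""
    trace = []
    for name, check in methods:
        reply = check(username, password)
        trace.append((name, reply))
        if reply is Reply.PASS:
            return True, name, trace
        if reply is Reply.FAIL:
            # A denial is final: the remaining methods are never consulted.
            return False, name, trace
        # NO_RESPONSE: fall through to the next method in the list.
    return False, None, trace  # every method was exhausted without an answer

def make_method(accounts, reachable=True):
    """Toy stand-in for a TACACS+ server group or the local user database."""
    def check(username, password):
        if not reachable:
            return Reply.NO_RESPONSE
        return Reply.PASS if accounts.get(username) == password else Reply.FAIL
    return check

# Constructed sample accounts (not real credentials).
TACACS_USERS = {"alice": "server-side-pw"}
LOCAL_USERS = {"admin": "local-fallback-pw"}

def method_list(tacacs_reachable):
    """Model of a list that tries a TACACS+ group first, then the local database."""
    return [("group tacacs+", make_method(TACACS_USERS, tacacs_reachable)),
            ("local", make_method(LOCAL_USERS))]

if __name__ == "__main__":
    for reachable in (True, False):
        granted, decided_by, trace = evaluate_method_list(
            method_list(reachable), "admin", "local-fallback-pw")
        print(f"TACACS+ reachable={reachable}: granted={granted}, "
              f"decided by {decided_by}, trace={[(n, r.value) for n, r in trace]}")
```

With the server reachable, the local `admin` account is refused because the TACACS+ method answered with a denial and the list stops there; with the server unreachable, the same account is accepted by the local database. Local fallback accounts therefore need the same credential hygiene as server-side ones, since they become the deciding method whenever the server does not respond.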
