Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services - Cisco Catalyst 2975 Software Configuration Manual
Ios release 12.2(55)se
Hide thumbs
Also See for Catalyst 2975:
- Hardware installation manual (62 pages) ,
- Brochure (19 pages) ,
- Getting started manual (17 pages)
Table of Contents
Advertisement
Controlling Switch Access with TACACS+
Command
Step 5
login authentication {default |
list-name}
Step 6
end
Step 7
show running-config
Step 8
copy running-config startup-config
To disable AAA, use the no aaa new-model global configuration command. To disable AAA
authentication, use the no aaa authentication login {default | list-name} method1 [method2...] global
configuration command. To either disable TACACS+ authentication for logins or to return to the default
value, use the no login authentication {default | list-name} line configuration command.
To secure the switch for HTTP access by using AAA methods, you must configure the switch with the
Note
ip http authentication aaa global configuration command. Configuring AAA authentication does not
secure the switch for HTTP access by using AAA methods.
For more information about the ip http authentication command, see the Cisco IOS Security Command
Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2
Mainline > Command References.
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
switch uses information retrieved from the user's profile, which is located either in the local user
database or on the security server, to configure the user's session. The user is granted access to a
requested service only if the information in the user profile allows it.
You can use the aaa authorization global configuration command with the tacacs+ keyword to set
parameters that restrict a user's network access to privileged EXEC mode.
The aaa authorization exec tacacs+ local command sets these authorization parameters:
•
•
Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
Note
been configured.
Catalyst 2975 Switch Software Configuration Guide
9-16
Purpose
Apply the authentication list to a line or set of lines.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Use TACACS+ for privileged EXEC access authorization if authentication was performed by using
TACACS+.
Use the local database if authentication was not performed by using TACACS+.
•
If you specify default, use the default list created with the aaa
authentication login command.
•
For list-name, specify the list created with the aaa authentication
login command.
Chapter 9
Configuring Switch-Based Authentication
OL-19720-02
- Quick Links:
- Management Options
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
