Table of Contents
Advertisement
Chapter 30
Configuring Switch Access Using AAA
Enable Authentication: Console Session
---------------------- ----------------- ----------------
tacacs
radius
local
Console> (enable)
Configuring Kerberos Authentication
Before you can use Kerberos as an authentication method on the switch, you need to configure the
Kerberos server. You will need to create a database for the KDC and add the switch to the database.
To configure the Kerberos server, follow these steps:
Before you can enter the switch in the Kerberos server's key table, you must create the database that the
Step 1
KDC will use. In the following example, a database called CISCO.EDU is created:
/usr/local/sbin/kdb5_util create -r CISCO.EDU -s
Add the switch to the database. The following example adds a switch called Cat4012 to the CISCO.EDU
Step 2
database:
ank host/Cat4012.cisco.edu@CISCO.EDU
Add the username as follows:
Step 3
ank user1@CISCO.EDU
Step 4
Add the Administrative Principals as follows:
ank user1/admin@CISCO.EDU
Step 5
Create the entry for the switch in the database using the admin.local ktadd command as follows:
ktadd host/Cat4012.cisco.edu@CISCO.EDU
Move the keyadmin file to a place where the switch can reach it.
Step 6
Start the KDC server as follows:
Step 7
/usr/local/sbin/krb4kdc
Enabling Kerberos
To enable Kerberos authentication, perform this task in privileged mode:
Task
Step 1
Enable Kerberos authentication.
Step 2
Verify the configuration.
78-15486-01
disabled
disabled
enabled(primary)
/usr/local/sbin/kadmind
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide
Telnet Session
disabled
disabled
enabled(primary)
Command
set authentication login kerberos enable [all |
console | http | telnet] [primary]
show authentication
Configuring Authentication
—
Release 8.1
30-31
- Quick Links:
- Configuration Guide
- Catalyst 2980G Switch
Hide quick links:
Advertisement
Table of Contents
