Configuring Tacacs; Default Tacacs+ Configuration; Identifying The Tacacs+ Server Host And Setting The Authentication Key - Cisco WS-C3750-48PS-S Software Configuration Manual

Network switch
Table of Contents

Advertisement

Chapter 9
Configuring Switch-Based Authentication

Configuring TACACS+

This section describes how to configure your switch to support TACACS+. At a minimum, you must
identify the host or hosts maintaining the TACACS+ daemon and define the method lists for TACACS+
authentication. You can optionally define method lists for TACACS+ authorization and accounting. A
method list defines the sequence and methods to be used to authenticate, to authorize, or to keep accounts
on a user. You can use method lists to designate one or more security protocols to be used, thus ensuring
a backup system if the initial method fails. The software uses the first method listed to authenticate, to
authorize, or to keep accounts on users; if that method does not respond, the software selects the next
method in the list. This process continues until there is successful communication with a listed method
or the method list is exhausted.
This section contains this configuration information:

Default TACACS+ Configuration

TACACS+ and AAA are disabled by default.
To prevent a lapse in security, you cannot configure TACACS+ through a network management
application. When enabled, TACACS+ can authenticate users accessing the switch through the CLI.
Although TACACS+ configuration is performed through the CLI, the TACACS+ server authenticates
Note
HTTP connections that have been configured with a privilege level of 15.

Identifying the TACACS+ Server Host and Setting the Authentication Key

You can configure the switch to use a single server or AAA server groups to group existing server hosts
for authentication. You can group servers to select a subset of the configured server hosts and use them
for a particular service. The server group is used with a global server-host list and contains the list of IP
addresses of the selected server hosts.
78-16180-02
Default TACACS+ Configuration, page 9-13
Identifying the TACACS+ Server Host and Setting the Authentication Key, page 9-13
Configuring TACACS+ Login Authentication, page 9-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services, page
9-16
Starting TACACS+ Accounting, page 9-17
Controlling Switch Access with TACACS+
Catalyst 3750 Switch Software Configuration Guide
9-13

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Catalyst 3750

Table of Contents