Configuring Tacacs; Default Tacacs+ Configuration; Identifying The Tacacs+ Server Host And Setting The Authentication Key - Cisco ME 3400G-2CS - Ethernet Access Switch Software Configuration Manual

Chapter 7
Configuring Switch-Based Authentication

Configuring TACACS+

This section describes how to configure your switch to support TACACS+. At a minimum, you must
identify the host or hosts maintaining the TACACS+ daemon and define the method lists for TACACS+
authentication. You can optionally define method lists for TACACS+ authorization and accounting. A
method list defines the sequence and methods to be used to authenticate, to authorize, or to keep accounts
on a user. You can use method lists to designate one or more security protocols to be used, thus ensuring
a backup system if the initial method fails. The software uses the first method listed to authenticate, to
authorize, or to keep accounts on users; if that method does not respond, the software selects the next
method in the list. This process continues until there is successful communication with a listed method
or the method list is exhausted.
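The fallback rule described above, modeled as an added example (not code from the Cisco guide or from the switch software): a method list is walked in order, and only a method that does not respond passes the request to the next entry. The helper names, the method names `tacacs+` and `local`, and the sample accounts are hypothetical. The model assumes that a rejection counts as successful communication and that an exhausted list denies access.

```python
import hmac
from enum import Enum


class Result(Enum):
    PASS = "pass"                # method answered and accepted the user
    FAIL = "fail"                # method answered and rejected the user
    NO_RESPONSE = "no response"  # method could not be reached


def db_method(db):
    """Hypothetical stand-in for a reachable method (TACACS+ server or local database)."""
    def method(user, password):
        ok = user in db and hmac.compare_digest(db[user], password)
        return Result.PASS if ok else Result.FAIL
    return method


def no_response(user, password):
    """Hypothetical stand-in for a TACACS+ server that times out."""
    return Result.NO_RESPONSE


def evaluate(method_list, user, password):
    """Walk the list in order; return (allowed, name of the method that decided)."""
    for name, method in method_list:
        result = method(user, password)
        if result is Result.NO_RESPONSE:
            continue  # only a silent method hands the request to the next one
        return result is Result.PASS, name  # an answer, accept or reject, ends the walk
    return False, None  # assumption: an exhausted list denies access


# Constructed sample data, not taken from any real device or server.
SERVER_DB = {"alice": "tacacs-pw"}
LOCAL_DB = {"admin": "local-pw"}
SERVER_UP = [("tacacs+", db_method(SERVER_DB)), ("local", db_method(LOCAL_DB))]
SERVER_DOWN = [("tacacs+", no_response), ("local", db_method(LOCAL_DB))]

if __name__ == "__main__":
    for label, mlist in (("server up", SERVER_UP), ("server down", SERVER_DOWN)):
        for user, pw in (("alice", "tacacs-pw"), ("admin", "local-pw")):
            print(label, user, evaluate(mlist, user, pw))
```

With the server reachable, the local account is never consulted, so a login rejected by TACACS+ is not retried against local credentials. With the server silent, access depends entirely on the last method in the list.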
These sections contain this configuration information:
• Default TACACS+ Configuration
• Identifying the TACACS+ Server Host and Setting the Authentication Key
• Configuring TACACS+ Login Authentication
• Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
• Starting TACACS+ Accounting

Default TACACS+ Configuration

TACACS+ and AAA are disabled by default.
To prevent a lapse in security, you cannot configure TACACS+ through a network management
application. When enabled, TACACS+ can authenticate users accessing the switch through the CLI.
Note: Although TACACS+ configuration is performed through the CLI, the TACACS+ server authenticates
HTTP connections that have been configured with a privilege level of 15.

Identifying the TACACS+ Server Host and Setting the Authentication Key

You can configure the switch to use a single server or AAA server groups to group existing server hosts
for authentication. You can group servers to select a subset of the configured server hosts and use them
for a particular service. The server group is used with a global server-host list and contains the list of IP
addresses of the selected server hosts.

78-17058-01
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Controlling Switch Access with TACACS+