Chapter 27
Configuring Switch Access Using AAA
Figure 27-4 TACACS+ Example Network Topology
TACACS+
172.20.52.10
Workstation A
In this example, TACACS+ authorization is enabled for enable mode access to the switch for both Telnet
and console connections, authorizing configuration commands:
Console> (enable) set authorization enable enable tacacs+ deny both
Successfully enabled enable authorization.
Console> (enable) set authorization commands enable config tacacs+ deny both
Successfully enabled commands authorization.
Console> (enable) show authorization
Telnet:
-------
exec:
enable:
commands:
config:
all:
Console:
--------
exec:
enable:
commands:
config:
all:
Console> (enable)
Understanding How Accounting Works
These sections describe how accounting works:
•
•
•
•
78-12647-02
server
Switch
Primary
Fallback
-------
--------
tacacs+
deny
tacacs+
deny
tacacs+
deny
-
-
Primary
Fallback
-------
--------
tacacs+
deny
tacacs+
deny
tacacs+
deny
-
-
Accounting Overview, page 27-56
Accounting Events, page 27-56
Specifying When to Create Accounting Records, page 27-57
Specifying RADIUS Servers, page 27-57
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
Console port
connection
Terminal
Understanding How Accounting Works
27-55