Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services; Starting Tacacs+ Accounting - Cisco 3845 - Security Bundle Router Software Manual
Software configuration guide
Hide thumbs
Also See for 3845 - Security Bundle Router:
- Manual (94 pages) ,
- Quick start manual (38 pages) ,
- Hardware installation manual (418 pages)
Table of Contents
Advertisement
Controlling Switch Access with TACACS+
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
switch uses information retrieved from the user's profile, which is located either in the local user
database or on the security server, to configure the user's session. The user is granted access to a
requested service only if the information in the user profile allows it.
You can use the aaa authorization global configuration command with the tacacs+ keyword to set
parameters that restrict a user's network access to privileged EXEC mode.
The aaa authorization exec tacacs+ local command sets these authorization parameters:
•
•
Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
Note
been configured.
Beginning in privileged EXEC mode, follow these steps to specify TACACS+ authorization for
privileged EXEC access and network services:
Command
Step 1
configure terminal
Step 2
aaa authorization network tacacs+
Step 3
aaa authorization exec tacacs+
Step 4
end
Step 5
show running-config
Step 6
copy running-config startup-config
To disable authorization, use the no aaa authorization {network | exec} method1 global configuration
command.
Starting TACACS+ Accounting
The AAA accounting feature tracks the services that users are accessing and the amount of network
resources that they are consuming. When AAA accounting is enabled, the switch reports user activity to
the TACACS+ security server in the form of accounting records. Each accounting record contains
accounting attribute-value (AV) pairs and is stored on the security server. This data can then be analyzed
for network management, client billing, or auditing.
Cisco ME 3800X and 3600X Switch Software Configuration Guide
8-16
Use TACACS+ for privileged EXEC access authorization if authentication was performed by using
TACACS+.
Use the local database if authentication was not performed by using TACACS+.
Purpose
Enter global configuration mode.
Configure the switch for user TACACS+ authorization for all
network-related service requests.
Configure the switch for user TACACS+ authorization if the user has
privileged EXEC access.
The exec keyword might return user profile information (such as
autocommand information).
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Chapter 8
Configuring Switch-Based Authentication
OL-23400-01
- Quick Links:
- Vlan Features
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
