Table of Contents
Advertisement
Chapter 30
Configuring Switch Access Using AAA
•
•
TACACS+ Primary and Fallback Options
You can specify the primary and fallback options that are used in the authorization process. The
following primary options and fallback options are available:
•
•
•
•
TACACS+ Command Authorization
You can require authorization for all commands or for configuration (enable mode) commands only.
Configuration commands include the following:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Software Configuration Guide—Release 8.2GLX
78-15908-01
EXEC mode (normal login)—When the authorization feature is enabled for EXEC mode, the user
must supply a valid username and password pair to access the EXEC mode. Authorization is
required only if you have enabled the authorization feature.
Enable mode (privileged login)—When the authorization feature is enabled for enable mode, the
user must supply a valid username and password pair to access enable mode. Authorization is
required only if you have enabled the authorization feature for enable mode.
tacacs+—If you have been authenticated and there is no response from the TACACS+ server,
authorization succeeds immediately.
if-authenticated—If you have been authenticated and there is no response from the TACACS+
server, authorization succeeds immediately.
none—Authorization succeeds if the TACACS+ server does not respond.
deny—Authorization fails if the TACACS+ server fails to respond. The Deny option is a fallback
option only. This is the default behavior.
copy
clear
commit
configure
delete
download
format
reload
rollback
session
set
squeeze
switch
undelete
Understanding How Authorization Works
30-41
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
