Table of Contents
Advertisement
Chapter 30
Configuring Switch Access Using AAA
•
•
Configuring TACACS+ Authorization
The next two sections describe how to configure TACACS+ authorization on the switch.
Enabling TACACS+ Authorization
To enable TACACS+ authorization on the switch, perform this task in privileged mode:
Task
Step 1
Enable authorization for normal login mode.
Enter the console or telnet keywords if you want
to enable the authorization only for the console
port or for the Telnet connection attempts. Enter
the both keyword to enable authorization for both
console port and Telnet connection attempts.
Step 2
Enable authorization for enable mode. Enter the
console or telnet keywords if you want to enable
the authorization only for the console port or for
the Telnet connection attempts. Enter the both
keyword to enable authorization for both console
port and Telnet connection attempts.
Step 3
Enable authorization of configuration commands.
Enter the console or telnet keywords if you want
to enable the authorization only for the console
port or for the Telnet connection attempts. Enter
the both keyword to enable authorization for both
console port and Telnet connection attempts.
Step 4
Verify the TACACS+ authorization configuration. show authorization
This example shows how to enable TACACS+ EXEC mode authorization for both console and Telnet
connections. Authorization is configured with the tacacs+ option. The fallback option is deny.
Console> (enable) set authorization exec enable tacacs+ deny both
Successfully enabled enable authorization.
Console>
This example shows how to enable TACACS+ enable mode authorization for console and Telnet
connections. Authorization is configured with the tacacs+ option. The fallback option is deny.
Console> (enable) set authorization enable enable tacacs+ deny both
Successfully enabled enable authorization.
Console>
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Software Configuration Guide—Release 8.2GLX
78-15908-01
Configure RADIUS and TACACS+ servers before enabling authorization. See the
TACACS+ Servers" section on page 30-17
page 30-23
for more information on server setup.
Configure RADIUS and TACACS+ keys to encrypt protocol packets before enabling authorization.
See the
"Specifying the TACACS+ Key" section on page 30-19
Key" section on page 30-25
or the
"Specifying RADIUS Servers" section on
for more information on the key setup.
Command
set authorization exec enable {option}
{fallbackoption} [console | telnet | both]
set authorization enable enable {option}
{fallbackoption} [console | telnet | both]
set authorization commands enable {config |
all} [option} {fallbackoption} [console | telnet |
both]
Configuring Authorization
"Specifying
or the
"Specifying the RADIUS
30-43
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
