Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide

Configuring TACACS+

The TACACS+ feature is disabled by default. However, you can enable and
configure it by using the CLI. You can access the CLI through the console port or
through Telnet. To prevent a lapse in security, you cannot configure TACACS+
through a network-management application. When enabled, TACACS+ can
authenticate users accessing the switch through the CLI.

Note: Although the TACACS+ configuration is performed through the CLI, the
TACACS+ server authenticates HTTP connections that have been configured
with a privilege level of 15.

Configuring the TACACS+ Server Host

Use the tacacs-server host command to specify the names of the IP host or hosts
maintaining an AAA/TACACS+ server. On TACACS+ servers, you can configure
the following additional options:
• Number of seconds that the switch waits while trying to contact the server
  before timing out.
• Encryption key to encrypt and decrypt all traffic between the router and the
  daemon.
• Number of attempts that a user can make when entering a command that is
  being authenticated by TACACS+.
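
The following audit script is an added example, not part of the Cisco guide: it parses tacacs-server lines from a saved configuration and reports hosts that have no key or timeout at either the host or global level. The timeout, key and attempts keyword spellings and the global tacacs-server key and tacacs-server timeout forms are assumed from IOS syntax (the page names only tacacs-server host), and the sample configuration is constructed.

```python
import re

# Constructed sample (not from the guide): host names, key and values are placeholders.
SAMPLE_CONFIG = """\
tacacs-server host tac1.example.net timeout 5 key EXAMPLE-KEY-PLACEHOLDER
tacacs-server host 192.0.2.10
tacacs-server attempts 3
"""

HOST_RE = re.compile(r"^tacacs-server host (\S+)(.*)$")
GLOBAL_RE = re.compile(r"^tacacs-server (timeout|key|attempts) (.+)$")

def parse_tacacs(config):
    """Return (hosts, global_opts) parsed from 'tacacs-server' lines."""
    hosts, global_opts = [], {}
    for line in config.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = {"name": m.group(1), "timeout": None, "key": None}
            words = m.group(2).split()
            for i, word in enumerate(words[:-1]):
                if word == "timeout" and words[i + 1].isdigit():
                    host["timeout"] = int(words[i + 1])
                elif word == "key":
                    # Assumed: the key is the last option and runs to end of line.
                    host["key"] = " ".join(words[i + 1:])
                    break
            hosts.append(host)
            continue
        m = GLOBAL_RE.match(line)
        if m:
            global_opts[m.group(1)] = m.group(2)
    return hosts, global_opts

def audit(config):
    """List hosts missing a key or timeout at both host and global level."""
    hosts, global_opts = parse_tacacs(config)
    findings = [] if hosts else ["no tacacs-server host configured"]
    for h in hosts:
        for opt in ("key", "timeout"):
            if h[opt] is None and opt not in global_opts:
                findings.append(f"{h['name']}: no {opt} set (per-host or global)")
    if "attempts" not in global_opts:
        findings.append("login attempts limit not set explicitly")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```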
Chapter 6
Configuring the System
78-6511-05