Chapter 39
Configuring the Switch Access Using AAA
Disabling TACACS+ Authentication
When local authentication is disabled and only TACACS+ authentication is enabled, if you disable
TACACS+ authentication, local authentication is reenabled automatically.
To disable TACACS+ authentication, perform this task in privileged mode:
Task
Step 1
Disable TACACS+ authentication for normal
login mode. Enter the console or telnet keyword
if you want to disable TACACS+ only for the
console port or Telnet connection attempts.
Step 2
Disable TACACS+ authentication for enable
mode. Enter the console or telnet keyword if you
want to disable TACACS+ only for the console
port or Telnet connection attempts.
Step 3
Verify the TACACS+ configuration.
This example shows how to disable TACACS+ authentication for the console and Telnet connections and
verify the configuration:
Console> (enable) set authentication login tacacs disable
tacacs login authentication set to disable for console and telnet session.
Console> (enable) set authentication enable tacacs disable
tacacs enable authentication set to disable for console and telnet session.
Console> (enable) show authentication
Login Authentication:
---------------------
tacacs
radius
local
Enable Authentication: Console Session
---------------------- ----------------- ----------------
tacacs
radius
local
Console> (enable)
Configuring RADIUS Authentication
These sections describe how to configure RADIUS authentication on the switch:
•
•
•
•
•
•
•
OL-8978-04
Console Session
----------------
disabled
disabled
enabled(primary)
disabled
disabled
enabled(primary)
Specifying RADIUS Servers, page 39-26
Specifying the RADIUS Key, page 39-26
Enabling RADIUS Authentication, page 39-27
Specifying the RADIUS Timeout Interval, page 39-29
Specifying the RADIUS Retransmit Count, page 39-29
Specifying the RADIUS Dead Time, page 39-30
Specifying Optional Attributes for RADIUS Servers, page 39-31
Command
set authentication login tacacs disable [all |
console | http | telnet]
set authentication enable tacacs disable [all |
console | http | telnet]
show authentication
Telnet Session
----------------
disabled
disabled
enabled(primary)
Telnet Session
disabled
disabled
enabled(primary)
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Configuring Authentication on the Switch
39-25