Chapter 39
Configuring the Switch Access Using AAA
Authorization Example
Figure 39-4 shows a simple network topology using TACACS+.
When Workstation A initiates a command on the switch, the switch registers a request with the
TACACS+ daemon. The TACACS+ daemon determines if the user is authorized to use the feature and
sends a response either executing the command or denying access.
Figure 39-4 TACACS+ Example Network Topology
[Figure labels: TACACS+ server, 172.20.52.10, Workstation A, Switch, Console port connection, Terminal]
In this example, TACACS+ authorization is enabled for enable mode access and for the configuration
commands to be entered on the switch over the Telnet and console connections:
Console> (enable) set authorization enable enable tacacs+ deny both
Successfully enabled enable authorization.
Console> (enable) set authorization commands enable config tacacs+ deny both
Successfully enabled commands authorization.
Console> (enable) show authorization
Telnet:
-------
          Primary   Fallback
          -------   --------
exec:     tacacs+   deny
enable:   tacacs+   deny
commands:
 config:  tacacs+   deny
 all:     -         -
Console:
--------
          Primary   Fallback
          -------   --------
exec:     tacacs+   deny
enable:   tacacs+   deny
commands:
 config:  tacacs+   deny
 all:     -         -
Console> (enable)
OL-8978-04
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Configuring Authorization on the Switch
39-51
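The following check is an added example, not part of the Cisco guide: it parses show authorization output in the layout of this example and reports any session (Telnet or Console) where enable or config-command authorization is not primary tacacs+ with fallback deny. The function names, the "commands/" key prefix and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the layout of the "show authorization" output on this page.
SECTION = """\
          Primary   Fallback
          -------   --------
exec:     tacacs+   deny
enable:   tacacs+   deny
commands:
 config:  tacacs+   deny
 all:     -         -
"""
SAMPLE = "Telnet:\n-------\n" + SECTION + "\nConsole:\n--------\n" + SECTION

# A data row is "<feature>: <primary> <fallback>"; rulers and prompts do not match.
ROW = re.compile(r"^(\w+):\s+(\S+)\s+(\S+)$")

def parse_show_authorization(text):
    """Return {session: {feature: (primary, fallback)}}."""
    parsed, session, group = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Telnet:", "Console:"):      # start of a per-session table
            session, group = line[:-1], ""
            parsed[session] = {}
        elif line == "commands:":                # rows that follow are command classes
            group = "commands/"
        elif session and (m := ROW.match(line)):
            parsed[session][group + m.group(1)] = (m.group(2), m.group(3))
    return parsed

def audit(parsed, required=("enable", "commands/config"),
          policy=("tacacs+", "deny")):
    """List (session, feature, found) where the found pair differs from policy.

    The defaults are the two features this page's example enables; a missing
    row is reported with found=None, an unconfigured one as ("-", "-").
    """
    findings = []
    for session, rows in parsed.items():
        for feature in required:
            found = rows.get(feature)
            if found != policy:
                findings.append((session, feature, found))
    return findings

if __name__ == "__main__":
    for session, feature, found in audit(parse_show_authorization(SAMPLE)):
        print(f"{session}: {feature} is {found}, expected tacacs+/deny")
```

An empty result from audit() means both connection types carry the policy the example configures with the both keyword; a ("-", "-") finding on one session indicates the setting was applied to only one connection type.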