TACACS+ Authentication
Operating Notes
■
■
4-30
When TACACS+ is not enabled on the switch—or when the switch's
only designated TACACS+ servers are not accessible— setting a local
Operator password without also setting a local Manager password
does not protect the switch from manager-level access by unauthor
ized persons.
When using the copy command to transfer a configuration to a TFTP
server, any optional, server-specific and global encryption keys (page
4-18) in the TACACS configuration will not be included in the trans
ferred file. Otherwise, a security breach could occur, allowing access
to the TACACS+ username/password information.