17. Select the type of access for which you are defining the authentication method list from the Type field's
pulldown menu. Each type of access must have a separate authentication-method list. For example, to
define the authentication-method list for logging into the CLI, select Login.
18. Select the primary authentication method by clicking on the radio button next to the method. For example, to
use a TACACS+ server as the primary means of authentication for logging on to the CLI, select TACACS+.
19. Click the Add button to save the change to the device's running-config file.
The access type and authentication method you selected are displayed in the table at the top of the dialog.
Each time you add an authentication method for a given access type, the software assigns a sequence
number to the entry. When the user tries to log in using the access type you selected, the software tries the
authentication sources in ascending sequence order until the access request is either approved or denied.
Each time you add an entry for a given access type, the software increments the sequence number. Thus, if
you want to use multiple authentication methods, make sure you enter the primary authentication method
first, the secondary authentication method second, and so on.
If you need to delete an entry, select the access type and authentication method for the entry, then click
20. Click Home to return to the System configuration panel, then select the Save link at the bottom of the dialog.
Select Yes when prompted to save the configuration change to the startup-config file on the device's flash
21. To configure TACACS+ authorization, select the Management link to display the Management panel and
select the Authorization Methods link to display the Authorization Method panel, as shown in the following
22. To configure TACACS+ exec authorization, select Exec from the Type field's pulldown menu.
23. To configure TACACS+ command authorization, select Commands from the Type field's pulldown menu and
select a privilege level by clicking on one of the following radio buttons:
0 – Authorization is performed for commands available at the Super User level (all commands)
4 – Authorization is performed for commands available at the Port Configuration level (port-config and
5 – Authorization is performed for commands available at the Read Only level (read-only commands)
NOTE: TACACS+ command authorization is performed only for commands entered from Telnet or SSH
sessions. No authorization is performed for commands entered at the console or the Web management
24. Click on the radio button next to TACACS+.
25. Click the Add button to save the change to the device's running-config file.
3 - 29