Chapter 11: Controlling Traffic and Switch Access 181
Section 11-5
b. Configure privileged-level authentication:
(global) line [aux | console | tty | vty] line-number [ending-line-number]
(global) login authentication {default | list-name}
Use this command to enable or disable privileged-level local authentication for
the console, telnet, http, or all services on a switch.
2. Configure TACACS authentication.
It is also possible to configure the switch to authenticate users from a database on a
TACACS server. For this to work, a username and password must be configured on
the TACACS server. After the server has been configured, you use the following
commands to provide TACACS authentication.
a. Configure the TACACS server:
(global)tacacs-server host hostname [single-connection] [port integer]
[timeout integer] [key string]
This command specifies the address of the TACACS server. This assumes that the
switch has been configured for an IP address and has a gateway if necessary to
reach the server. You can specify multiple servers if one of the devices is not
functioning.
b. Enable TACACS authentication for user level:
(global) aaa authentication login {default | group | tacacs+ | local}
After you specify the server address, you set the user-level authentication
process to use the tacacs option for the console, telnet, http, or all services. If
that fails, other authentication methods, such as local login, are attempted.
c. Specify the TACACS key:
(global) tacacs-server key key
Because the information between the TACACS device and the switch is encrypt-
ed, you must also supply the TACACS process with the key that is used by the
server. This command specifies the key used.
3. Configure RADIUS authentication.
In addition to local or TACACS, you can configure the switch to authenticate users
from a database on a RADIUS server. For this to work, a username and password
must be configured on the RADIUS server. After the server has been configured,
you use the following commands to provide RADIUS authentication.
a. Configure the RADIUS server:
(global) radius-server host {hostname | ip_address}
To Next Page
Loading...
Need help?
General