172
Configuring Switch-Based Authentication
How to Configure Switch-Based Authentication
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Configuring Radius Server Communication
Before You Begin
You should have access to and should configure a RADIUS server before configuring RADIUS features on your switch.
At a minimum, you must identify the host or hosts that run the RADIUS server software and define the method lists for
RADIUS authentication. You can optionally define method lists for RADIUS authorization and accounting.
Some configuration settings need to be configured on the RADIUS server that include the IP address of the switch and
the key string to be shared by both the server and the switch.
Command Purpose
1. configure terminal Enters global configuration mode.
2. aaa authorization network tacacs+ Configures the switch for user TACACS+ authorization for all
network-related service requests.
3. aaa authorization exec tacacs+ Configures the switch for user TACACS+ authorization if the user has
privileged EXEC access.
The exec keyword might return user profile information (such as
autocommand information).
4. end Returns to privileged EXEC mode.
Command Purpose
1. configure terminal Enters global configuration mode.
2. aaa accounting network start-stop
tacacs+
Enables TACACS+ accounting for all network-related service requests.
3. aaa accounting exec start-stop tacacs+ Enables TACACS+ accounting to send a start-record accounting notice
at the beginning of a privileged EXEC process and a stop-record at the
end.
4. end Returns to privileged EXEC mode.
To Next Page
Loading...
Need help?
General