Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-08
Chapter 6 Configuring the System

Configuring TACACS+

Beginning in privileged EXEC mode, follow these steps to configure the TACACS+ server:

Step 1   Command: tacacs-server host name [timeout integer] [key string]
         Purpose: Define a TACACS+ host.
                  Entering the timeout and key parameters with this command overrides the
                  global values that you can enter with the tacacs-server timeout (Step 3) and
                  the tacacs-server key commands (Step 5).
Step 2   Command: tacacs-server retransmit retries
         Purpose: Enter the number of times the server searches the list of TACACS+ servers
                  before stopping.
                  The default is two.
Step 3   Command: tacacs-server timeout seconds
         Purpose: Set the interval that the server waits for a TACACS+ server host to reply.
                  The default is 5 seconds.
Step 4   Command: tacacs-server attempts count
         Purpose: Set the number of login attempts that can be made on the line.
Step 5   Command: tacacs-server key key
         Purpose: Define a set of encryption keys for all of TACACS+ and communication
                  between the access server and the TACACS daemon.
                  Repeat the command for each encryption key.
Step 6   Command: exit
         Purpose: Return to privileged EXEC mode.
Step 7   Command: show tacacs
         Purpose: Verify your entries.

Configuring Login Authentication

Beginning in privileged EXEC mode, follow these steps to configure login authentication by using
AAA/TACACS+:

Step 1   Command: configure terminal
         Purpose: Enter global configuration mode.
Step 2   Command: aaa new-model
         Purpose: Enable AAA/TACACS+.
Step 3   Command: aaa authentication login {default | list-name} method1 [method2...]
         Purpose: Enable authentication at login, and create one or more lists of authentication
                  methods.
Step 4   Command: line [aux | console | tty | vty] line-number [ending-line-number]
         Purpose: Enter line configuration mode, and configure the lines to which you want to
                  apply the authentication list.
Step 5   Command: login authentication {default | list-name}
         Purpose: Apply the authentication list to a line or set of lines.
Step 6   Command: exit
         Purpose: Return to privileged EXEC mode.
Step 7   Command: show running-config
         Purpose: Verify your entries.
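
The "Verify your entries" steps of both procedures can be scripted against saved show running-config output. The following is an added example, not part of the configuration guide: the function name audit_tacacs_login, the sample configuration, its addresses, keys and list names are all constructed for illustration, and it assumes the running configuration shows the commands in the form given in the steps above.

```python
import re

# Constructed sample (not from the guide): addresses, keys and list names are made up.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+ local
aaa authentication login admins tacacs+ line
tacacs-server host 192.0.2.10 timeout 10 key EXAMPLE-KEY-1
tacacs-server host 192.0.2.11
tacacs-server retransmit 2
tacacs-server timeout 5
line con 0
 login authentication admins
line vty 0 4
 login authentication operators
"""

def audit_tacacs_login(config: str) -> list:
    """Return findings for the TACACS+ login settings in a running-config."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing; AAA is not enabled")
    hosts = [l.split() for l in lines if l.startswith("tacacs-server host ")]
    if not hosts:
        findings.append("no tacacs-server host is defined")
    global_key = any(l.startswith("tacacs-server key ") for l in lines)
    for words in hosts:
        # A host is covered by its own key option or by the global key.
        if "key" not in words[3:] and not global_key:
            findings.append(f"host {words[2]} has no per-host or global key")
    # Method lists: aaa authentication login {default | list-name} method1 [method2...]
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    current = None  # the "line ..." block being read, if any
    for l in lines:
        if l.startswith("line "):
            current = l
        elif not l.startswith(" "):
            current = None
        elif current and l.strip().startswith("login authentication "):
            name = l.split()[2]
            if name not in lists:
                findings.append(f"{current}: list '{name}' is not defined")
    return findings
```

Run against the sample, it reports the second host, which has neither its own key nor a global one, and the vty lines, which reference a list that no aaa authentication login command creates.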