4-13
TACACS+ Authentication
Configuring TACACS+ on the Switch
Authentication Parameters
Table 4-1. AAA Authentication Parameters

Name:     console, Telnet, SSH, web, port-access, web-based port access
Default:  n/a
Range:    n/a
Function: Specifies the access method used when authenticating. TACACS+ authentication only uses the console, Telnet or SSH access methods.

Name:     enable - or - login
Default:  n/a
Range:    n/a
Function: Specifies the privilege level to be configured.
          enable: Specifies the Manager (read/write) privilege level for the access method being configured.
          login: Specifies the Operator (read-only) privilege level for the access method being configured.

Name:     local - or - tacacs - or - radius
Default:  local
Range:    n/a
Function: Specifies the primary method of authentication for the access method being configured.
          local: Use the username/password pair configured locally in the switch for the privilege level being configured.
          tacacs: Use a TACACS+ server.
          radius: Use a RADIUS server.

Name:     local - or - none - or - authorized
Default:  none
Range:    n/a
Function: Specifies the secondary (backup) method for the access method being configured.
          local: The username/password pair configured locally in the switch for the privilege level being configured. Cannot be used if the primary authentication is local.
          none: No secondary type of authentication for the specified method/privilege path. (Available only if the primary method of authentication for the access being configured is local.)
          authorized: Allow access without authentication.
          Note: If you do not specify this parameter in the command line, the switch automatically assigns the secondary method as follows:
          • If the primary method is tacacs, the secondary method is local.
          • If the primary method is local, the secondary method is none.

Name:     login <privilege-mode>
Default:  privilege-mode disabled
Range:    n/a
Function: Specifies that the switch will respect the authentication server’s privilege level. The privilege-mode option enables TACACS+ for a single login. The authorized privilege level (Operator or Manager) is returned to the switch by the TACACS+ server.

Name:     num-attempts
Default:  3
Range:    1 - 10
Function: In a given session, specifies how many tries at entering the correct username/password pair are allowed before access is denied and the session terminated.
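The constraints in Table 4-1 (which access methods TACACS+ supports, which backup methods are legal for a given primary, and the secondary method the switch assigns when none is given) can be checked before a line is pasted into the switch. The following validator is an added example written for this page, not switch firmware or code from the manual; it assumes the command form `aaa authentication <access> <enable|login> <primary> [<secondary>]` with the lowercase single-token keywords used in the CLI, and it requires an explicit secondary for a radius primary because the table's Note only states defaults for tacacs and local.

```python
# Added example, not the switch's own parser: applies the rules of Table 4-1
# to "aaa authentication" command lines.
# Assumption: keywords are the lowercase single tokens typed at the switch CLI.

ACCESS_METHODS = {"console", "telnet", "ssh", "web", "port-access", "web-based"}
TACACS_ACCESS = {"console", "telnet", "ssh"}      # TACACS+ only covers these
PRIMARY_METHODS = {"local", "tacacs", "radius"}
SECONDARY_METHODS = {"local", "none", "authorized"}
# From the table's Note: secondary the switch assigns when the line omits it.
DEFAULT_SECONDARY = {"tacacs": "local", "local": "none"}


def resolve_aaa_line(line):
    """Return (access, level, primary, secondary) for one command line.

    A missing secondary is filled in from DEFAULT_SECONDARY; combinations
    the table rules out raise ValueError.
    """
    tokens = line.split()
    if tokens[:2] != ["aaa", "authentication"] or len(tokens) not in (5, 6):
        raise ValueError(f"unrecognised command: {line!r}")
    access, level, primary = tokens[2:5]
    secondary = tokens[5] if len(tokens) == 6 else None
    if access not in ACCESS_METHODS:
        raise ValueError(f"unknown access method: {access}")
    if level not in ("enable", "login"):
        raise ValueError(f"privilege level must be enable or login, got {level}")
    if primary not in PRIMARY_METHODS:
        raise ValueError(f"unknown primary method: {primary}")
    if primary == "tacacs" and access not in TACACS_ACCESS:
        raise ValueError("TACACS+ only authenticates console, Telnet and SSH access")
    if secondary is None:
        if primary not in DEFAULT_SECONDARY:
            raise ValueError("Table 4-1 gives no default secondary for radius; state one")
        secondary = DEFAULT_SECONDARY[primary]
    if secondary not in SECONDARY_METHODS:
        raise ValueError(f"unknown secondary method: {secondary}")
    if secondary == "local" and primary == "local":
        raise ValueError("local backup cannot be used when the primary is local")
    if secondary == "none" and primary != "local":
        raise ValueError("'none' backup is only available when the primary is local")
    return access, level, primary, secondary


def is_valid(line):
    """True when resolve_aaa_line accepts the line, False when it rejects it."""
    try:
        resolve_aaa_line(line)
    except ValueError:
        return False
    return True
```

Because `authorized` admits a session with no credential check at all whenever the primary server does not answer, a line that resolves to it is worth reviewing separately from lines that fall back to `local`.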