TACACS+ Authentication
Configuring TACACS+ on the Switch
Configuring the Switch’s TACACS+ Authentication Methods
The aaa authentication command configures TACACS+ access control for the
following access methods:
■ Console
■ Telnet
■ SSH
The command specifies whether to use a TACACS+ server or the switch’s local
authentication, or, in some situations, no authentication (meaning that if the
primary method fails, authentication is denied). The command also reconfigures
the number of access attempts to allow in a session if the first attempt
uses an incorrect username/password pair.
Syntax: aaa authentication

    < console | telnet | ssh >
        Selects the access method for configuration.

    < enable | login > <primary-method> <backup-method>
        enable — Configures "enable" privilege level (read/write)
        access for the authentication method.
        login — Configures "login" privilege level (read-only)
        access for the authentication method.
        <primary-method> — The primary authentication method
        for access.
        <backup-method> — The authentication method to use if
        the primary method is not able to check the user’s
        credentials.

    < login privilege-mode >
        Enables TACACS+ for single login. The switch
        authenticates your username/password, then requests
        the privilege level (Operator or Manager) that was
        configured on the TACACS+ server for this username/password.
        The TACACS+ server returns the allowed
        privilege level to the switch. You are placed directly into
        Operator or Manager mode, depending on your privilege
        level.
        Default: Single login disabled.
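
The following command sequence is an added example, not part of the original manual. It applies the syntax above to all three access methods. It assumes the method keywords tacacs, local and none (the listing above shows only the placeholders <primary-method> and <backup-method>) and that the commands are entered in the switch's global configuration context.

```text
; Added example (not from the manual). Keywords tacacs, local and none
; are assumed values for <primary-method> / <backup-method>.

; Console: TACACS+ is primary. Local authentication is the backup, so
; the console stays usable when the TACACS+ server cannot check the
; user's credentials.
aaa authentication console login tacacs local
aaa authentication console enable tacacs local

; Telnet and SSH: TACACS+ only. With none as the backup method,
; authentication is denied if the primary method fails.
aaa authentication telnet login tacacs none
aaa authentication telnet enable tacacs none
aaa authentication ssh login tacacs none
aaa authentication ssh enable tacacs none

; Single login: after authenticating the username/password, the switch
; requests the privilege level (Operator or Manager) configured on the
; TACACS+ server and places the user directly into that mode.
aaa authentication login privilege-mode
```

Configure both the login and the enable line for each access method; a method left at its previous setting for one privilege level keeps authenticating that level the old way.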