Cisco SFS7000P-SK9 Command Reference - Page 22
Customizing the Login Prompt, Entering CLI Modes
UPC - 882658093029
View all Cisco SFS7000P-SK9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 22 highlights
Entering CLI Modes Chapter 1 Using the CLI Authentication local and then TACAS TACAS and then local How it Works Verifies against the chassis database then checks the TACAS client. Checks the TACAS client and then verifies against the chassis database. When local authentication is in effect and a user logs in, the user must be configured as a CLI user. The login username and password are verified against the local CLI user database. If a match is found, the login succeeds, and the user is assigned a pre-configured privilege level. When TACACS+ authentication is in effect, the login username and password are passed to the TACACS+ server for verification. The TACACS+ server verifies the login username and password, and it sends back a reply. No TACACS+ user information is stored locally. The show user all command shows local users only. The config TACACS-server host command (see config TACACS-server host, page 2-22) configures the IP address of TACACS+ servers. There can be three TACACS+ servers configured. The first server is queried, the second server is queried if the first server is not reachable, and the third server is queried if the both of the other servers are not reachable. Cisco supports only TACACS+ authentication; therefore, no privilege level is verified against the TACACS+ server. All users authenticated by the TACACS+ server are given unrestricted rights. If a TACACS+ user makes changes to system configuration, the log will include the TACACS+ username and the config information, just as it does for a local user. Like RADIUS users, the TACACS+ users do not have associating SNMP community strings. There are no SNMP logins for TACACS+ users. Note The following are limitations to TACACS+ authentication: TACACS+ authorization and accounting are not supported. TACACS+ single-connection not supported. Each login authentication makes its own connection to the TACACS+ server. TACACS+ user privilege level is always unrestricted. Customizing the Login Prompt The CLI checks the file login-banner for customized text to include in the prompt. Use the copy command to place a file named login-banner in the config directory of the switch. You can do this with FTP: copy ftp://user:xxx.x.x.x/my-banner config:login-banner Entering CLI Modes The CLI uses the following three command modes: • User Execute mode • Privileged Execute mode • Global Configuration mode Cisco SFS 7000 Series Product Family Command Reference Guide 1-4 OL-9163-02