Cisco WS-C2960S-24PD-L Software Guide - Page 181
Page 181 highlights
Chapter 6 Configuring the System
Configuring TACACS+

The variable list-name is any character string used to name the list you are creating. The method variable refers to the actual methods the authentication algorithm tries, in the sequence entered. You can choose one of these methods:

• line: Uses the line password for authentication. You must define a line password before you can use this authentication method. Use the password password line configuration command.
• local: Uses the local username database for authentication. You must enter username information into the database. Use the username password global configuration command.
• tacacs+: Uses TACACS+ authentication. You must configure the TACACS+ server before you can use this authentication method. For more information, see the "Configuring the TACACS+ Server Host" section on page 6-51.

To create a default list that is used if no list is specified in the login authentication line configuration command, use the default keyword followed by the methods you want used in default situations.

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To specify that the authentication succeed even if all methods return an error, specify none as the final method in the command line.

Specifying TACACS+ Authorization for EXEC Access and Network Services

You can use the aaa authorization global configuration command with the tacacs+ keyword to set parameters that restrict a user's network access to Cisco IOS privilege mode (EXEC access) and to network services such as Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP) with Network Control Protocols (NCPs), and AppleTalk Remote Access (ARA).

The aaa authorization exec tacacs+ local command sets these authorization parameters:

• Uses TACACS+ for EXEC access authorization if authentication was done using TACACS+.
• Uses the local database if authentication was not done using TACACS+.
Note: Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured.

Beginning in privileged EXEC mode, follow these steps to specify TACACS+ authorization for EXEC access and network services:

Step    Command                            Purpose
Step 1  configure terminal                 Enter global configuration mode.
Step 2  aaa authorization network tacacs+  Configure the switch for user TACACS+ authorization for all network-related service requests.
Step 3  aaa authorization exec tacacs+     Configure the switch for user TACACS+ authorization to determine if the user is allowed EXEC access. The exec keyword might return user profile information (such as autocommand information).
Step 4  exit                               Return to privileged EXEC mode.

78-6511-08 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 6-53
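An added example, not from the Cisco guide: a small Python audit of a saved running-config that checks the login method-list prerequisites described above (a line password for line, a username entry for local, a server host for tacacs+) and flags any list that ends in none. The sample config, the list name CONSOLE, the address and the password are constructed, and the tacacs-server host command is assumed from the server-host section the guide references.

```python
import re

# Constructed sample running-config (not from the guide); all values are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+ local
aaa authentication login CONSOLE line none
tacacs-server host 192.0.2.10
line con 0
 login authentication CONSOLE
line vty 0 4
 password EXAMPLE-ONLY
"""

def audit_login_auth(config):
    """Return (subject, finding) pairs for login method lists in a config."""
    lists, line_pw, line_list = {}, {}, {}
    has_user = has_server = False
    current = None  # the "line ..." block being read, if any
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # an unindented line starts a new top-level command
            current = text if text.startswith("line ") else None
            if current:  # a line uses the default list unless told otherwise
                line_pw[current], line_list[current] = False, "default"
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
        elif text.startswith("username "):
            has_user = True
        elif text.startswith("tacacs-server host "):
            has_server = True
        elif current and text.startswith("password "):
            line_pw[current] = True
        elif current and text.startswith("login authentication "):
            line_list[current] = text.split()[2]
    findings = []
    for name, methods in lists.items():
        if methods[-1] == "none":
            findings.append((name, "ends in none: login succeeds if every method returns an error"))
        if "local" in methods and not has_user:
            findings.append((name, "uses local but no username is defined"))
        if "tacacs+" in methods and not has_server:
            findings.append((name, "uses tacacs+ but no tacacs-server host is configured"))
    for line, name in line_list.items():
        if "line" in lists.get(name, []) and not line_pw[line]:
            findings.append((line, "list %s uses line but this line has no password" % name))
    return findings
```

On the constructed sample it reports three findings: the default list relies on local with no username defined, the CONSOLE list ends in none, and line con 0 uses the line method without a line password.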