Cisco Systems 2940 SNMP Community Strings, TACACS+ and RADIUS, Access Modes in CMS

5-13

Catalyst 2940 Switch Software Configuration Guide

78-15507-02

Chapter5 Clustering Switches Planning a Switch Cluster

If you change the member-switch password to be d if ferent fr om the c ommand- switch pass word an d sa v e

the change, the switch is not manageable by the command switch until you change the member-switch

password to match the command-switch password. Rebooting the membe r s witc h d oes not revert the

password back to the command-switch password. We recommend that you do not cha nge th e

member-switch password after it joins a cluster.

For more information about passwords, see the “Preventing Unauthorized Access to Your Switch”

section on page 7-1.

For password considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to t he

installation and configuration guides for those switches.

SNMP Community Strings

A member switch inherits the command-switch first read-only (RO) and read-write (RW) community

strings with @esN appended to the community strings:

•command-switch-readonly-community-string@esN, where N is the member-switch number.

•command-switch-readwrite-community-string@esN, where N is the member-switch number.

If the command switch has multiple read-only or read-write community strings, only the first read-only

and read-write strings are propagated to the member switch.

The switches support an unlimited number of community strings and string lengths. For more

information about SNMP and community strings, see Chapter 23, “Configuring SNMP.”

For SNMP considerations specific to the Catalyst1900 and Catalyst 2820 switches, refer to the

installation and configuration guides specific to those switches.

TACACS+ and RADIUS

Inconsistent authentication configurations in switch clusters cause CMS to continually prompt for a user

name and password. If Terminal Access Controller Access Control System Plus (TACACS+) is

configured on a cluster member, it must be configured on all cluster members. Simi larl y, if Remote

Authentication Dial-In User Service (RADIUS) is configured on a cluster member, it must be conf igured

on all cluster members. Further, the same switch cluster cannot have some members configured with

TACACS+ and other members configured with RADIUS.

For more information about TA CA CS+, see the “Contro lling Switch Access with TACACS+” section on

page 7-9. For more information about RADIUS, see the “Controlling Switch Access with RADIUS”

section on page 7-16.

Access Modes in CMS

CMS provides two levels of access to the configuration options: read-write ac cess and r ead-only access.

Privilege levels 0to 15 are suppor ted.

•Privilege level15 provides you with read-write access to CMS.

•Privilege levels1 to 14 provide you with read-only access to CMS. Any options in the CMS

windows, menu bar, toolbar, and popup menus that change the switch or cl uste r co nfigur ati on are

not shown in read-only mode.

•Privilege level0 denies access to CMS.