Contents
ix
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Protecting Access to Privileged EXEC Commands 9-2
Default Password and Privilege Level Configuration 9-2
Setting or Changing a Static Enable Password 9-3
Protecting Enable and Enable Secret Passwords with Encryption 9-3
Disabling Password Recovery 9-5
Setting a Telnet Password for a Terminal Line 9-6
Configuring Username and Password Pairs 9-7
Configuring Multiple Privilege Levels 9-8
Setting the Privilege Level for a Command 9-8
Changing the Default Privilege Level for Lines 9-9
Logging into and Exiting a Privilege Level 9-10
Controlling Switch Access with TACACS+ 9-10
Understanding TACACS+ 9-10
TACACS+ Operation 9-12
Configuring TACACS+ 9-13
Default TACACS+ Configuration 9-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 9-13
Configuring TACACS+ Login Authentication 9-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 9-16
Starting TACACS+ Accounting 9-17
Establishing a Session with a Router if the AAA Server is Unreachable 9-18
Displaying the TACACS+ Configuration 9-18
Controlling Switch Access with RADIUS 9-18
Understanding RADIUS 9-18
RADIUS Operation 9-20
RADIUS Change of Authorization 9-20
Overview 9-20
Change-of-Authorization Requests 9-21
CoA Request Response Code 9-22
CoA Request Commands 9-23
Stacking Guidelines for Session Termination 9-26
Configuring RADIUS 9-27
Default RADIUS Configuration 9-27
Identifying the RADIUS Server Host 9-27
Configuring RADIUS Login Authentication 9-30
Defining AAA Server Groups 9-32
Configuring RADIUS Authorization for User Privileged Access and Network Services 9-34
Starting RADIUS Accounting 9-35
Establishing a Session with a Router if the AAA Server is Unreachable 9-36
Configuring Settings for All RADIUS Servers 9-36