7-16
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter7 Configuring Switch-Based Authentication
Controlling Switch Access with TACACS+
Note To secure the switch for HTTP access by using AAA methods, you must configure the switch with the
ip http authentication aaa global configuration command. C onfiguri ng AA A au then tic atio n d oe s no t
secure the switch for HTTP access by using AAA methods.
For more information about the ip http authentication command, see the Cisco IOS Security Command
Reference, Release 12.2.
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
switch uses information retrieved from the user’s profile, which is located either in the local user
database or on the security server, to configure the user’s session. The user is gra nte d acce ss to a
requested service only if the information in the user profile allows it.
You can use the aaa authorization global configuration command with the tacacs+ keyword to set
parameters that restrict a user’s network access to privileged EXEC mode.
The aaa authorization exec tacacs+ local command sets these authorization parameters:
Use TACACS+ for privileged EX EC acc ess au thorization if authentication was performed by using
TACACS+.
Use the local database if authentication was not performed by using TACACS+.
Note Authorization is bypassed for authenticated users who log in thro ugh th e CLI even if aut hori zat ion ha s
been configured.
Beginning in privileged EXEC mode, follow these steps to specify TACACS+ authorization for
privileged EXEC access and network services:
To disable authorization, use the no aaa authorization {network | exec} method1 global configuration
command.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 aaa authorization network tacacs+ Configure the switch for user TACACS+ authorization for all
network-related service requests.
Step3 aaa authorization exec tacacs+ Configure the switch for user TACACS+ authorization if the user has
privileged EXEC access.
The exec keyword might return user profile information (such as
autocommand information).
Step4 end Return to privileged EXEC mode.
Step5 show running-config Verify your entries.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.