Contents
vii
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
CHAPTER
6Administering the Switch 6-1
Preventing Unauthorized Access to Your Switch 6-1
Protecting Access to Privileged EXEC Commands 6-2
Default Password and Privilege Level Configuration 6-3
Setting or Changing a Static Enable Password 6-3
Protecting Enable and Enable Secret Passwords with Encryption 6-4
Disabling Password Recovery 6-5
Setting a Telnet Password for a Terminal Line 6-6
Configuring Username and Password Pairs 6-7
Configuring Multiple Privilege Levels 6-8
Setting the Privilege Level for a Command 6-8
Changing the Default Privilege Level for Lines 6-9
Logging into and Exiting a Privilege Level 6-10
Controlling Switch Access with TACACS+ 6-10
Understanding TACACS+ 6-10
TACACS+ Operation 6-12
Configuring TACACS+ 6-13
Default TACACS+ Configuration 6-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 6-13
Configuring TACACS+ Login Authentication 6-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 6-16
Starting TACACS+ Accounting 6-17
Displaying the TACACS+ Configuration 6-17
Controlling Switch Access with RADIUS 6-17
Understanding RADIUS 6-18
RADIUS Operation 6-19
Configuring RADIUS 6-19
Default RADIUS Configuration 6-20
Identifying the RADIUS Server Host 6-20
Configuring RADIUS Login Authentication 6-23
Defining AAA Server Groups 6-24
Configuring RADIUS Authorization for User Privileged Access and Network Services 6-26
Starting RADIUS Accounting 6-27
Configuring Settings for All RADIUS Servers 6-28
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 6-28
Configuring the Switch for Vendor-Proprie tary RADIUS Server Communication 6-2 9
Displaying the RADIUS Configuration 6-30
Configuring the Switch for Local Authentication and Authorization 6-31