Contents
x
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Default TACACS+ Configuration 10-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 10-13
Configuring TACACS+ Login Authentication 10-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 10-16
Starting TACACS+ Accounting 10-17
Displaying the TACACS+ Configuration 10-17
Controlling Switch Access with RADIUS 10-17
Understanding RADIUS 10-18
RADIUS Operation 10-19
RADIUS Change of Authorization 10-19
Change-of-Authorization Requests 10-20
CoA Request Response Code 10-21
CoA Request Commands 10-22
Stacking Guidelines for Session Termination 10-25
Configuring RADIUS 10-26
Default RADIUS Configuration 10-27
Identifying the RADIUS Server Host 10-27
Configuring RADIUS Login Authentication 10-29
Defining AAA Server Groups 10-31
Configuring RADIUS Authorization for User Privileged Access and Network Services 10-33
Starting RADIUS Accounting 10-34
Configuring Settings for All RADIUS Servers 10-35
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 10-35
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 10-36
Configuring CoA on the Switch 10-37
Monitoring and Troubleshooting CoA Functionality 10-38
Configuring RADIUS Server Load Balancing 10-39
Displaying the RADIUS Configuration 10-39
Controlling Switch Access with Kerberos 10-39
Understanding Kerberos 10-39
Kerberos Operation 10-41
Authenticating to a Boundary Switch 10-42
Obtaining a TGT from a KDC 10-42
Authenticating to Network Services 10-42
Configuring Kerberos 10-42
Configuring the Switch for Local Authentication and Authorization 10-43
Configuring the Switch for Secure Shell 10-44
Understanding SSH 10-45
SSH Servers, Integrated Clients, and Supported Versions 10-45
Limitations 10-46