Cisco Systems DOC-7814982 TACACS+ and RADIUS, Access Mo des in CMS

6-17

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 6 Clustering Swit ches Planning a Switch Cluster

TACACS+ and RADIUS

Inconsistent authe nticati on configuratio ns in switch clusters cause CMS to contin ually prompt for a user

name and pa ssword. If Terminal A cce ss Cont rolle r A cces s Co ntrol Syst em Plus ( TACACS+) is

configured on a c lust er membe r, it must b e configured on a ll c lust er m em bers. Simil arl y, if Remot e

Authentic ation Dial-In User Ser vice (RADIUS) is co nfigured on a cluster member , it must be conf igured

on all clus ter memb ers. Furth er, the same switc h clust er cannot have some membe rs configured wi th

TACACS+ and other me mbers con figured with RADIUS .

For more inf ormation about TA CACS+, see the “Controllin g Switch Access with TA CA CS+” sectio n on

page 7-10. For more informa tion a bout RADIU S, see th e “Controlling Switch Access with RADIUS”

section on page 7-18.

CMS pro vides tw o le v e ls of acce ss to the co nf igurat ion options: read-wr ite ac cess and read -only ac cess.

Privilege levels 0 to 15 are sup ported.

•Privilege level 15 provides you with read-write access to CMS.

•Privilege levels 1 to 14 provide you with read-only access to CMS. Any options in the CMS

windows, m enu b ar, toolba r, and popu p m enus that ch ange t he s wit ch o r cl uste r co nfigur ati on are

not shown in read-on ly mode.

•Privilege level 0 denies access to CMS.

For more information about CMS access modes, see the “Access Modes in CMS” sec tion on page 3 -31.

Note • If your clu ster has these member switches run ning earlie r software re leases and if you have

read- only acces s to these me mber switch es, som e conf iguratio n windo ws for those switches di splay

incomplete information:

–

Catalyst 290 0 XL o r Cata lyst 3 500 X L me mb er sw itch es ru nni ng Re le ase 12. 0(5 )WC2 or

earlier

–

Catalyst 295 0 member swi tches runni ng Release 12 .0(5)WC2 or e arlier

–

Catalyst 355 0 member sw itches run ning Release 12 .1(6)E A1 or earlie r

For more information about this limitation, refer to the release notes.

•These switc hes d o n ot su ppo rt r ead- only mo de on CMS:

–

Catalyst 190 0 and Cat alyst 28 20

–

Catalyst 2900 X L switches with 4-MB CPU DRAM

In rea d-o nly mod e, t h ese sw itc hes a ppea r as unavailable devices an d ca nno t be con figured fro m

CMS.