12-5
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 12 Configuring Switch-Based Authentication
Information About Configuring Switch-Based Authentication
Switch Access with TACACS+
This section describes how to enable and configure Terminal Access Controller Access Control System
Plus (TACACS+), which provides detailed accounting information and flexible administrative control
over authentication and authorization processes. TACACS+ is facilitated through authentication,
authorization, and accounting (AAA) and can be enabled only through AAA commands.

TACACS+

TACACS+ is a security application that provides centralized validation of users attempting to gain access
to your switch. TACACS+ services are maintained in a database on a TACACS+ daemon typically
running on a UNIX or Windows NT workstation. You should have access to and should configure a
TACACS+ server before configuring TACACS+ features on your switch.
TACACS+ provides for separate and modular authentication, authorization, and accounting facilities.
TACACS+ allows for a single access control server (the TACACS+ daemon) to provide each
service (authentication, authorization, and accounting) independently. Each service can be tied into its
own database to take advantage of other services available on that server or on the network, depending
on the capabilities of the daemon.
The goal of TACACS+ is to provide a method for managing multiple network access points from a single
management service. Your switch can be a network access server along with other Cisco routers and
access servers. A network access server provides connections to a single user, to a network or
subnetwork, and to interconnected networks as shown in Figure 12-1.
Figure 12-1 Typical TACACS+ Network Configuration
[Figure: two UNIX workstations running TACACS+ server 1 and TACACS+ server 2 (addresses 171.20.10.7 and 171.20.10.8), a Catalyst 6500 series switch, and groups of user workstations. The figure's annotations list the configuration steps:]
1. Configure the switches with the TACACS+ server addresses.
2. Set an authentication key (also configure the same key on the TACACS+ servers).
3. Enable AAA.
4. Create a login authentication method list.
5. Apply the list to the terminal lines.
6. Create an authorization and accounting method list as required.
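The following is an added example, not taken from this guide, showing the IOS CLI commands that carry out the six steps annotated in Figure 12-1 on the switch side. The server addresses 171.20.10.7 and 171.20.10.8 are the ones shown in the figure; the shared key is a placeholder that must be replaced with the same value configured on both TACACS+ daemons, and the method-list name TACACS_LOGIN is an assumption chosen for this example.

```cisco
! Added example (not the guide's own configuration): IOS CLI for the
! steps in Figure 12-1. Key value and list name are placeholders/assumptions.
configure terminal
!
! Steps 1 and 2: TACACS+ server addresses and the shared authentication key
tacacs-server host 171.20.10.7
tacacs-server host 171.20.10.8
tacacs-server key <SHARED-KEY-PLACEHOLDER>
!
! Step 3: enable AAA. The aaa authentication/authorization/accounting
! commands below are not accepted until this is done.
aaa new-model
!
! Step 4: login authentication method list. "local" is consulted only when
! no TACACS+ server responds, so a server outage or a wrong key does not
! lock administrators out of the switch.
aaa authentication login TACACS_LOGIN group tacacs+ local
!
! Step 5: apply the list to the terminal lines (console and vty)
line console 0
 login authentication TACACS_LOGIN
line vty 0 15
 login authentication TACACS_LOGIN
!
! Step 6 (as required): authorization and accounting method lists
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
end
!
! Verify that the servers are reachable and that requests are being
! answered before relying on the new lists
show tacacs
```

When applying this, keep the current management session open and test the new login from a second session; if authentication fails because of a key mismatch or an unreachable server, the open session can still be used to correct the configuration.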