7-13
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 7 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+
For information about the command, see this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_reference_chapter0918
6a00800ca6d8.html#wp1019867
These sections contain this configuration information:
Default TACACS+ Configuration, page 7-13
Identifying the TACACS+ Server Host and Setting the Authentication Key, page 7-13
Configuring TACACS+ Login Authentication, page 7-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services,
page 7-16
Starting TACACS+ Accounting, page 7-17
Default TACACS+ Configuration
TACACS+ and AAA are disabled by default.
To prevent a lapse in security, you cannot configure TACACS+ through a network management
application. When enabled, TACACS+ can authenticate users accessing the switch through the CLI.
Note Although TACACS+ configuration is performed through the CLI, the TACACS+ server authenticates
HTTP connections that have been configured with a privilege level of 15.
Identifying the TACACS+ Server Host and Setting the Authentication Key
You can configure the switch to use a single server or AAA server groups to group existing server hosts
for authentication. You can group servers to select a subset of the configured server hosts and use them
for a particular service. The server group is used with a global server-host list and contains the list of IP
addresses of the selected server hosts.