Enhancements in Release F.02.02

TACACS+ Authentication for Centralized Control of Switch Access Security

Caution

You should ensure that the switch has a local Manager password. Otherwise, if authentication through a TACACS+ server fails for any reason, then unauthorized access will be available through the console port or Telnet.

6.Using a terminal device connected to the switch’s console port, configure the switch for TACACS+ authentication only for telnet login access and telnet enable access. At this stage, do not configure TACACS+ authentication for console access to the switch, as you may need to use the console for access if the configuration for the Telnet method needs debugging.

7.On a remote terminal device, use Telnet to attempt to access the switch. If the attempt fails, use the console access to check the TACACS+ configuration on the switch. If you make changes in the switch configuration, check Telnet access again. If Telnet access still fails, check the configuration in your TACACS+ server application for mis-configurations or missing data that could affect the server’s interoperation with the switch.

8.After your testing shows that Telnet access using the TACACS+ server is working properly, configure your TACACS+ server application for console access. Then test the console access. If access problems occur, check for and correct any problems in the switch configuration, and then test console access again. If problems persist, check your TACACS+ server application for mis-configurations or missing data that could affect the console access.

9.When you are confident that TACACS+ access through both Telnet and the switch’s console operates properly, use the write memory command to save the switch’s running-config file to flash.

171