TACACS+ Authentication
General Authentication Setup Procedure
2. Determine the following:

• The IP address(es) of the TACACS+ server(s) you want the switch to use for authentication. If you will use more than one server, determine which server is your
  authentication services.
• The encryption key, if any, for allowing the switch to communicate with the server. You can use either a global key or a
  depending on the encryption configuration in the TACACS+ server(s).
• The number of
  will allow before closing a session. (Default: 3)
• The period you want the switch to wait for a reply to an authentication request before trying another server.
• The username/password pairs you want the TACACS+ server to use for controlling access to the switch.
• The privilege level you want for each username/password pair administered by the TACACS+ server for controlling access to the switch.
• The username/password pairs you want to use for local authentication (one pair each for Operator and Manager levels).

3. Plan and enter the TACACS+ server configuration needed to support TACACS+ operation for Telnet access (login and enable) to the switch. This includes the username/password sets for logging in at the Operator

Note on Privilege Levels

When a TACACS+ server authenticates an access request from a switch, it includes a privilege level code for the switch to use in determining which privilege level to grant to the terminal requesting access. The switch interprets a privilege level code of "15" as authorization for the Manager (read/write) privilege level access. Privilege level codes of 14 and lower result in Operator
TACACS+ server response to a request that includes a username/password pair that should have Manager privileges, you must use a privilege level of 15. For more on this topic, refer to the documentation you received with your TACACS+ server application.

If you are a
you configure only the minimum feature set required by the TACACS+ application to provide service in your network environment. After you have success with the minimum feature set, you may then want to try additional features that the application offers.

4. Ensure that the switch has the correct local username and password for Manager access. (If the switch cannot find any designated TACACS+ servers, the local manager and operator username/password pairs are always used as the secondary access control method.)
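
The privilege-level note and step 4 describe a decision flow that is easy to misconfigure, so here is a small Python model of it, added as an illustration (it is not code from the switch or from this manual). The server stand-ins, user names, passwords and function names are constructed, and the rule that a reject from a reachable server is final is an assumption the page does not state.

```python
import hmac
from typing import Callable, Optional, Tuple

MANAGER_PRIV_LVL = 15  # from the note: 15 -> Manager, 14 and lower -> Operator

# Hypothetical model: a server is a callable that returns (accepted, priv_lvl),
# or None when no reply arrives within the configured timeout.
Server = Callable[[str, str], Optional[Tuple[bool, int]]]

def make_server(users: dict) -> Server:
    """Constructed TACACS+ stand-in: users maps name -> (password, priv_lvl)."""
    def check(user: str, password: str):
        stored = users.get(user)
        if stored and hmac.compare_digest(stored[0].encode(), password.encode()):
            return True, stored[1]
        return False, 0
    return check

def unreachable(user: str, password: str):
    return None  # models a request that times out

def authenticate(user, password, servers, local):
    """Return (granted level or None, which method decided)."""
    for server in servers:               # first-choice server first
        reply = server(user, password)
        if reply is None:
            continue                     # timed out: try the next server
        accepted, priv_lvl = reply
        if not accepted:
            return None, "tacacs"        # assumption: reject is final, no local retry
        level = "manager" if priv_lvl == MANAGER_PRIV_LVL else "operator"
        return level, "tacacs"
    # No designated server answered: local pairs are the secondary method.
    for level, (name, pw) in local.items():
        if name == user and hmac.compare_digest(pw.encode(), password.encode()):
            return level, "local"
    return None, "local"

def session(attempts, servers, local, max_attempts=3):
    """Close the session after max_attempts failed logins (default 3)."""
    for user, password in attempts[:max_attempts]:
        level, method = authenticate(user, password, servers, local)
        if level:
            return level, method
    return None, "closed"

# Constructed sample data: one account at level 15, one at level 14.
SERVER = make_server({"admin": ("s3cret", 15), "netops": ("pw", 14)})
LOCAL = {"manager": ("localmgr", "m-pass"), "operator": ("localop", "o-pass")}
```

An account meant for Manager access but provisioned at level 14 lands in Operator with no error, and when every server is unreachable the local pairs are the only gate, which is why step 4 asks you to verify them before relying on TACACS+.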