Accessing the switch
Configuring TACACS+ authentication on the switch (CLI example)
1. Turn TACACS+ authentication on, and then configure the Primary and Secondary TACACS+ servers.
>> Main# /cfg/sys/tacacs (Select the TACACS+ Server menu)
>> TACACS+ Server# on (Turn TACACS+ on)
Current status: OFF
New status: ON
>> TACACS+ Server# prisrv 10.10.1.1 (Enter primary server IP)
Current primary TACACS+ server: 0.0.0.0
New pending primary TACACS+ server: 10.10.1.1
>> TACACS+ Server# secsrv 10.10.1.2 (Enter secondary server IP)
Current secondary TACACS+ server: 0.0.0.0
New pending secondary TACACS+ server: 10.10.1.2
2. Configure the TACACS+ secret and second secret.
>> TACACS+ Server# secret
Enter new TACACS+ secret:
Enter new TACACS+ second secret:
CAUTION: If you configure the TACACS+ secret using any method other than a direct console connection, the secret may be transmitted over the network as clear text.
3. If desired, you may change the default TCP port number used to listen to TACACS+. The
>> TACACS+ Server# port
Current TACACS+ port: 49
Enter new TACACS+ port
4. Configure the number of retry attempts for contacting the TACACS+ server and the timeout period.
>> TACACS+ Server# retries
Current TACACS+ server retries: 3
Enter new TACACS+ server retries
Current TACACS+ server timeout: 5
Enter new TACACS+ server timeout
>> TACACS+ Server# usermap 2
Current privilege mapping for remote privilege 2: not set
Enter new local privilege mapping: user
>> TACACS+ Server# usermap 3 user
>> TACACS+ Server# usermap 4 user
>> TACACS+ Server# usermap 5 oper
6. Apply and save the configuration.