TACACS+ Authentication

Configuring TACACS+ on the Switch

Syntax: aaa authentication

< console | telnet | ssh | web | port-access >

Selects the access method for configuration.

< enable >

The server grants privileges at the Manager privilege level.

< login [privilege-mode] >

The server grants privileges at the Operator privilege level. If the privilege-mode option is entered, TACACS+ is enabled for a single login. The authorized privilege level (Operator or Manager) is returned to the switch by the TACACS+ server.

Default: Single login disabled.

< local | tacacs | radius >

Selects the type of security access:

local: Authenticates with the Manager and Operator password you configure in the switch.

tacacs: Authenticates with a password and other data configured on a TACACS+ server.

radius: Authenticates with a password and other data configured on a RADIUS server.

[< local | none >]

If the primary authentication method fails, determines whether to use the local password as a secondary method or to disallow access.

aaa authentication num-attempts < 1-10 >

Specifies the maximum number of login attempts allowed in the current session. Default: 3

Authentication Parameters

Table 4-1. AAA Authentication Parameters

Name | Default | Range | Function

console, Telnet, SSH, web or port-access | n/a | n/a | Specifies the access method used when authenticating. TACACS+ authentication only uses the console, Telnet or SSH access methods.

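An added example, not from the original manual: a small Python check that reads aaa authentication lines from a saved configuration and compares them with the syntax above and the access-method limit in Table 4-1. The sample configuration is constructed, and the keyword order (access method, privilege level, primary method, optional secondary method) is an assumption taken from the order of the syntax description.

```python
import re

# Keywords from the syntax description; TACACS_METHODS is the Table 4-1 limit.
METHODS = {"console", "telnet", "ssh", "web", "port-access"}
PRIMARY = {"local", "tacacs", "radius"}
SECONDARY = {"local", "none"}
TACACS_METHODS = {"console", "telnet", "ssh"}

# Assumed keyword order: method, privilege level, primary, optional secondary.
LINE_RE = re.compile(
    r"^aaa authentication (?P<method>\S+) (?P<level>enable|login(?: privilege-mode)?)"
    r" (?P<primary>\S+)(?: (?P<secondary>\S+))?$")
ATTEMPTS_RE = re.compile(r"^aaa authentication num-attempts (?P<n>\d+)$")
# Constructed sample configuration, not taken from a real switch.
SAMPLE = """\
aaa authentication num-attempts 3
aaa authentication ssh login tacacs local
aaa authentication ssh enable tacacs local
aaa authentication telnet login tacacs none
aaa authentication web login tacacs local
aaa authentication num-attempts 12
aaa authentication console login kerberos
"""
def audit(config_text):
    """Return (line_number, message) findings for aaa authentication lines."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # collapse repeated whitespace
        if not line.startswith("aaa authentication "):
            continue
        m = ATTEMPTS_RE.match(line)
        if m:
            if not 1 <= int(m["n"]) <= 10:
                findings.append((no, "num-attempts outside 1-10"))
            continue
        m = LINE_RE.match(line)
        sec = m["secondary"] if m else None
        if (not m or m["method"] not in METHODS or m["primary"] not in PRIMARY
                or (sec is not None and sec not in SECONDARY)):
            findings.append((no, "does not match the documented syntax"))
            continue
        if m["primary"] == "tacacs" and m["method"] not in TACACS_METHODS:
            findings.append((no, "TACACS+ only uses console, telnet or ssh"))
        if m["primary"] != "local" and sec == "none":
            findings.append((no, "access is disallowed if the primary method fails"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each finding carries the line number in the input, so it can be traced back to the saved configuration.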