TACACS+ Authentication
Configuring TACACS+ on the Switch
Caution
When a TACACS+ server authenticates an access request from a switch, it includes a privilege level code for the switch to use in determining which privilege level to grant to the terminal requesting access. The switch interprets a privilege level code of “15” as authorization for the Manager (read/write) privilege level access. Privilege level codes of 14 and lower result in Operator
If you are a
4.Ensure that the switch has the correct local username and password for Manager access. (If the switch cannot find any designated TACACS+ servers, the local manager and operator username/password pairs are always used as the secondary access control method.)
You should ensure that the switch has a local Manager password. Other- wise, if authentication through a TACACS+ server fails for any reason, then unauthorized access will be available through the console port or Telnet.
5.Using a terminal device connected to the switch’s console port, configure the switch for TACACS+ authentication only for telnet login access and telnet enable access. At this stage, do not configure TACACS+ authenti- cation for console access to the switch, as you may need to use the console for access if the configuration for the Telnet method needs debugging.
6.Ensure that the switch is configured to operate on your network and can communicate with your
7.On a remote terminal device, use Telnet to attempt to access the switch. If the attempt fails, use the console access to check the TACACS+ configuration on the switch. If you make changes in the switch configu- ration, check Telnet access again. If Telnet access still fails, check the