TACACS+ Authentication
Configuring TACACS+ on the Switch
| Name | Default | Range | Function |
|---|---|---|---|
| console - or - telnet | n/a | n/a | Specifies whether the command is configuring authentication for the console port or Telnet access method for the switch. |
| enable - or - login | n/a | n/a | Specifies the privilege level for the access method being configured. login: Operator. enable: Manager. |
| local - or - tacacs | local | n/a | Specifies the primary method of authentication for the access method being configured. local: Use the username/password pair configured locally in the switch for the privilege level being configured. tacacs: Use a TACACS+ server. |
| local - or - none | none | n/a | Specifies the secondary (backup) type of authentication being configured. local: The username/password pair configured locally in the switch for the privilege level being configured. none: No secondary type of authentication for the specified method/privilege path. (Available only if the primary method of authentication for the access being configured is local.) Note: If you do not specify this parameter in the command line, the switch automatically assigns the secondary method as follows: • If the primary method is tacacs, the only secondary method is local. • If the primary method is local, the default secondary method is none. |
|  | 3 | 1 - 10 | In a given session, specifies how many tries at entering the correct username/password pair are allowed before access is denied and the session terminated. |
As shown in the next table, login and enable access is always available locally through a direct terminal connection to the switch’s console port. However, for Telnet access, you can configure TACACS+ to deny access if a TACACS+ server goes down or otherwise becomes unavailable to the switch.