6-22
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter 6 Configuring the System
Configuring TACACS+
• tacacs+—Uses TACACS+ authentication. You must configure the TACACS+ server before you can
use this authentication method. For more information, see the “Configuring the TACACS+ Server
Host” section on page 6-20.
To create a default list that is used if no list is specified in the login authentication line configuration
command, use the default keyword followed by the methods that you want used in default situations.
The additional methods of authentication are used only if the previous method returns an error, not if it fails.
To specify that the authentication should succeed even if all methods return an error, specify none as the
final method in the command line.
Specifying TACACS+ Authorization for Privileged EXEC Access and Network Services
You can use the aaa authorization global configuration command with the tacacs+ keyword to set
parameters that restrict a user’s network access to Cisco IOS privileged-mode (EXEC access) and to
network services such as Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP) with
Network Control Protocols (NCPs), and AppleTalk Remote Access (ARA).
The aaa authorization exec tacacs+ local command sets these authorization parameters:
• Uses TACACS+ for privileged EXEC access authorization if authentication was done by using
TACACS+.
• Uses the local database if authentication was not done by using TACACS+.
Note: Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
been configured.
Beginning in privileged EXEC mode, follow these steps to specify TACACS+ authorization for
privileged EXEC access and network services:
        Command                             Purpose
Step 1  configure terminal                  Enter global configuration mode.
Step 2  aaa authorization network tacacs+   Configure the switch for user TACACS+ authorization for all
                                            network-related service requests, including SLIP, PPP NCPs,
                                            and ARA protocols.
Step 3  aaa authorization exec tacacs+      Configure the switch for user TACACS+ authorization to
                                            determine if the user is allowed privileged EXEC access.
                                            The exec keyword might return user profile information
                                            (such as autocommand information).
Step 4  exit                                Return to privileged EXEC mode.
Step 5  show running-config                 Verify your entries.
Starting TACACS+ Accounting
You use the aaa accounting command with the tacacs+ keyword to turn on TACACS+ accounting for
each Cisco IOS privilege level and for network services.
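An added example, not taken from Cisco's guide: a Python check over show running-config output for the method-list behavior and the authorization steps described in this section (none as the final method, tacacs+ listed without a configured server, missing aaa authorization lines). The sample configuration, the finding codes, and the function name audit_aaa are constructed for illustration; the parser assumes the command syntax shown in this guide (no list name on aaa authorization lines) and that the server is defined with the tacacs-server host command.

```python
import re

# Constructed sample of `show running-config` output (not from the guide).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+ local none
aaa authentication login CONSOLE local
aaa authorization exec tacacs+ local
"""

AAA_LINE = re.compile(
    r"^aaa (authentication login|authorization exec|authorization network)\s+(.+)$")

def audit_aaa(config):
    """Return (code, detail) findings for the AAA lines of a running-config."""
    lines = [ln.strip() for ln in config.splitlines()]
    has_server = any(ln.startswith("tacacs-server host ") for ln in lines)
    findings, seen = [], set()
    for ln in lines:
        m = AAA_LINE.match(ln)
        if not m:
            continue
        kind, methods = m.group(1), m.group(2).split()
        seen.add(kind)
        if kind == "authentication login":
            methods = methods[1:]  # first token is the list name (default or named)
        # 'none' as the final method: login succeeds even if every method errors.
        if methods and methods[-1] == "none":
            findings.append(("FAIL_OPEN", ln))
        # tacacs+ is listed but no server host is configured for it.
        if "tacacs+" in methods and not has_server:
            findings.append(("NO_TACACS_SERVER", ln))
    # Steps 2 and 3 of the authorization procedure, reported if absent.
    for kind in ("authorization network", "authorization exec"):
        if kind not in seen:
            findings.append(("MISSING", "aaa " + kind + " tacacs+"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_aaa(SAMPLE_CONFIG):
        print(f"{code:18} {detail}")
```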