8-10
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 8 Configuring Switch-Based Authentication
Controlling Switch Access with TACACS+
Logging into and Exiting a Privilege Level
Beginning in privileged EXEC mode, follow these steps to log in to a specified privilege level and to exit
to a specified privilege level:
Controlling Switch Access with TACACS+
This section describes how to enable and configure TACACS+, which provides detailed accounting
information and flexible administrative control over authentication and authorization processes.
TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled
only through AAA commands.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Security Command Reference for Cisco IOS Release 12.1.
This section contains this configuration information:
• Understanding TACACS+, page 8-10
• TACACS+ Operation, page 8-12
• Configuring TACACS+, page 8-12
• Displaying the TACACS+ Configuration, page 8-17
Understanding TACACS+
TACACS+ is a security application that provides centralized validation of users attempting to gain access
to your switch. TACACS+ services are maintained in a database on a TACACS+ daemon typically
running on a UNIX or Windows NT workstation. You should have access to and should configure a
TACACS+ server before the configuring TACACS+ features on your switch.
TACACS+ provides for separate and modular authentication, authorization, and accounting facilities.
TACACS+ allows for a single access control server (the TACACS+ daemon) to provide each
service—authentication, authorization, and accounting—independently. Each service can be tied into its
own database to take advantage of other services available on that server or on the network, depending
on the capabilities of the daemon.
The goal of TACACS+ is to provide a method for managing multiple network access points from a single
management service. Your switch can be a network access server along with other Cisco routers and
access servers. A network access server provides connections to a single user, to a network or
subnetwork, and to interconnected networks as shown in Figure 8-1.
Command Purpose
Step 1
enable level Log in to a specified privilege level.
For level, the range is 0 to 15.
Step 2
disable level Exit to a specified privilege level.
For level, the range is 0 to 15.
To Next Page
Loading...
Need help?
General
