DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode.Device>enable
Step 1
•
Enter your password if prompted.
Enters global configuration mode.Device#configure terminal
Step 2
Enables DNIS mapping.Device (config)#aaa dnis map enable
Step 3
Maps a DNIS number to a defined AAA server group; the
servers in this server group are being used for authentication.
Router(config)# aaa dnis map dnis-number
authentication ppp group server-group-name
Step 4
Maps a DNIS number to a defined AAA server group; the
servers in this server group are being used for accounting.
Router(config)# aaa dnis map dnis-number
accounting network [none | start-stop | stop-only]
group server-group-name
Step 5
TACACS+ Configuration Options
You can configure the switch to use a single server or AAA server groups to group existing server hosts for
authentication. You can group servers to select a subset of the configured server hosts and use them for a
particular service. The server group is used with a global server-host list and contains the list of IP addresses
of the selected server hosts.
TACACS+ Login Authentication
A method list describes the sequence and authentication methods to be queried to authenticate a user. You
can designate one or more security protocols to be used for authentication, thus ensuring a backup system for
authentication in case the initial method fails. The software uses the first method listed to authenticate users;
if that method fails to respond, the software selects the next authentication method in the method list. This
process continues until there is successful communication with a listed authentication method or until all
defined methods are exhausted. If authentication fails at any point in this cycle—meaning that the security
server or local username database responds by denying the user access—the authentication process stops, and
no other authentication methods are attempted.
TACACS+ Authorization for Privileged EXEC Access and Network Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the switch
uses information retrieved from the user’s profile, which is located either in the local user database or on the
security server, to configure the user’s session. The user is granted access to a requested service only if the
information in the user profile allows it.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
882
Information About TACACS+
To Next Page
Loading...
Need help?
General
