Name: Cisco Catalyst 3750-X
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

10-10

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 10 Configuring Switch-Based Authentication

Controlling Switch Access with TACACS+

This section describes how to enable and configure Terminal Access Controller Access Control System

Plus (TACACS+), which provides detailed accounting information and flexible administrative control

over authentication and authorization processes. TACACS+ is facilitated through authentication,

authorization, accounting (AAA) and can be enabled only through AAA commands.

Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS

Security Command Reference, Release 12.2.

These sections contain this configuration information:

• Understanding TACACS+, page 10-10

• TACACS+ Operation, page 10-12

• Configuring TACACS+, page 10-12

• Displaying the TACACS+ Configuration, page 10-17

Understanding TACACS+

TACACS+ is a security application that provides centralized validation of users attempting to gain access

to your switch. TACACS+ services are maintained in a database on a TACACS+ daemon typically

running on a UNIX or Windows NT workstation. You should have access to and should configure a

TACACS+ server before the configuring TACACS+ features on your switch.

Note We recommend a redundant connection between a switch stack and the TACACS+ server. This is to help

ensure that the TACACS+ server remains accessible in case one of the connected stack members is

removed from the switch stack.

TACACS+ provides for separate and modular authentication, authorization, and accounting facilities.

TACACS+ allows for a single access control server (the TACACS+ daemon) to provide each

service—authentication, authorization, and accounting—independently. Each service can be tied into its

own database to take advantage of other services available on that server or on the network, depending

on the capabilities of the daemon.

The goal of TACACS+ is to provide a method for managing multiple network access points from a single

management

service. Your switch can be a network access server along with other Cisco routers and

access servers. A network access server provides connections to a single user, to a network or

subnetwork, and to interconnected networks as shown in Figure 10-1.

Cisco Catalyst 3750-X User Manual

Other manuals for Cisco Catalyst 3750-X