6-61
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-05
Chapter 6 Configuring the System
Configuring TACACS+
Configuring Static Addresses for EtherChannel Port Groups
Follow these rules if you are configuring a static address to forward to ports in an
EtherChannel port group:
• For default source-based port groups, configure the static address to forward
to all ports in the port group to eliminate lost packets.
• For destination-based port groups, configure the address to forward to only
one port in the port group to avoid the transmission of duplicate packets.
Configuring TACACS+
The Terminal Access Controller Access Control System Plus (TACACS+)
provides the means to manage network security (authentication, authorization,
and accounting [AAA]) from a server. This section describes how TACACS+
works and how you can configure it. For complete syntax and usage information
for the commands described in this chapter, refer to the Cisco IOS Release 12.0
Security Command Reference.
You can only configure this feature by using the CLI; you cannot configure it
through the Cluster Management Suite.
In large enterprise networks, the task of administering passwords on each device
can be simplified by centralizing user authentication on a server. TACACS+ is an
access-control protocol that allows a switch to authenticate all login attempts
through a central server. The network administrator configures the switch with the
address of the TACACS+ server, and the switch and the server exchange messages
to authenticate each user before allowing access to the management console.
TACACS+ consists of three services: authentication, authorization, and
accounting. Authentication determines who the user is and whether or not the user
is allowed access to the switch. Authorization is the action of determining what
the user is allowed to do on the system. Accounting is the action of collecting data
related to resource usage.
To Next Page
Loading...
