Chapter 6 Configuring the System
Configuring TACACS+
6-62
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-05
The TACACS+ feature is disabled by default. However, you can enable and
configure it by using the CLI. You can access the CLI through the console port or
through Telnet. To prevent a lapse in security, you cannot configure TACACS+
through a network-management application. When enabled, TACACS+ can
authenticate users accessing the switch through the CLI.
Note Although the TACACS+ configuration is performed through the CLI, the
TACACS+ server authenticates HTTP connections that have been configured
with a privilege level of 15.
Configuring the TACACS+ Server Host
Use the tacacs-server host command to specify the names of the IP host or hosts
maintaining an AAA/TACACS+ server. On TACACS+ servers, you can configure
the following additional options:
• Number of seconds that the switch waits while trying to contact the server
before timing out.
• Encryption key to encrypt and decrypt all traffic between the router and the
daemon.
• Number of attempts that a user can make when entering a command that is
being authenticated by TACACS+.
To Next Page
Loading...
