Chapter 6 Configuring the System
Configuring TACACS+
6-64
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-05
Configuring Login Authentication
Beginning in privileged EXEC mode, follow these steps to configure login
authentication by using AAA/TACACS+:
The variable list-name is any character string used to name the list you are
creating. The method variable refers to the actual methods the authentication
algorithm tries, in the sequence entered. You can choose one of these methods:
• line—Uses the line password for authentication. You must define a line
password before you can use this authentication method. Use the password
password line configuration command.
• local—Uses the local username database for authentication. You must enter
username information into the database. Use the username password global
configuration command.
• tacacs+—Uses TACACS+ authentication. You must configure the
TACACS+ server before you can use this authentication method. For more
information, see the “Configuring the TACACS+ Server Host” section on
page 6-62.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
aaa new-model Enable AAA/TACACS+.
Step 3
aaa authentication login
{default | list-name} method1
[method2...]
Enable authentication at login, and create one or more lists
of authentication methods.
Step 4
line [aux | console | tty | vty]
line-number
[ending-line-number]
Enter line configuration mode, and configure the lines to
which you want to apply the authentication list.
Step 5
login authentication {default |
list-name}
Apply the authentication list to a line or set of lines.
Step 6
exit Return to privileged EXEC mode.
Step 7
show running-config Verify your entries.
To Next Page
Loading...
