Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-05
Chapter 6: Configuring the System
Configuring TACACS+
To create a default list that is used if no list is specified in the login 
authentication line configuration command, use the default keyword followed 
by the methods you want used in default situations.
The additional methods of authentication are used only if the previous method 
returns an error, not if it fails. To specify that the authentication succeed even if 
all methods return an error, specify none as the final method in the command line.
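The fallback rule above, modeled as an added Python example (not taken from the Cisco guide): it parses login method lists from a constructed configuration, walks them the way the paragraph describes, and flags lists that end in none. The list name console-open, the outcome labels, and the sample configuration are assumptions made for illustration; "error" here stands for a method that could not give an answer, and "fail" for a method that rejected the credentials.

```python
# Added illustration of method-list fallback; not Cisco code.
PASS, FAIL, ERROR = "pass", "fail", "error"

# Constructed sample configuration (list name "console-open" is hypothetical).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+ local
aaa authentication login console-open tacacs+ none
"""

def parse_login_lists(config_text):
    """Return {list_name: [methods]} for each 'aaa authentication login' line."""
    lists = {}
    for line in config_text.splitlines():
        words = line.split()
        if words[:3] == ["aaa", "authentication", "login"] and len(words) >= 5:
            lists[words[3]] = words[4:]
    return lists

def evaluate(methods, outcomes):
    """Walk a method list; return (access_granted, deciding_method).

    outcomes maps a method name to PASS, FAIL or ERROR. A method with no
    entry is treated as ERROR (it could not answer).
    """
    for method in methods:
        if method == "none":
            return True, "none"      # succeeds with no credential check
        result = outcomes.get(method, ERROR)
        if result == PASS:
            return True, method
        if result == FAIL:
            return False, method     # a rejection stops the walk
        # ERROR: only now is the next method in the list tried
    return False, None               # every method returned an error

def audit(lists):
    """Names of lists whose final method is 'none' and so fail open."""
    return sorted(n for n, m in lists.items() if m and m[-1] == "none")

if __name__ == "__main__":
    lists = parse_login_lists(SAMPLE_CONFIG)
    print("fail-open lists:", audit(lists))
    print(evaluate(lists["default"], {"tacacs+": FAIL, "local": PASS}))
    print(evaluate(lists["console-open"], {"tacacs+": ERROR}))
```

A list flagged by audit grants access whenever every earlier method returns an error, so review whether that behavior is intended for the lines that reference it.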
Specifying TACACS+ Authorization for EXEC Access and Network Services
You can use the aaa authorization global configuration command with the 
tacacs+ keyword to set parameters that restrict a user’s network access to Cisco 
IOS privilege mode (EXEC access) and to network services such as Serial Line 
Internet Protocol (SLIP), Point-to-Point Protocol (PPP) with Network Control 
Protocols (NCPs), and AppleTalk Remote Access (ARA). 
The aaa authorization exec tacacs+ local command sets the following 
authorization parameters:
• Uses TACACS+ for EXEC access authorization if authentication was done 
using TACACS+.
• Uses the local database if authentication was not done using TACACS+.
Note: Authorization is bypassed for authenticated users who log in through the CLI, 
even if authorization has been configured.