Cisco WS-C6506 - Page 954

1488 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

39-20

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

OL-8978-04

Chapter 39 Configuring the Switch Access Using AAA

Configuring Authentication on the Switch

To specify one or more TACACS+ servers, perform this task in privileged mode:

This example shows how to specify TACACS+ servers and verify the configuration:

Console> (enable) set tacacs server 172.20.52.3

172.20.52.3 added to TACACS server table as primary server.

Console> (enable) set tacacs server 172.20.52.2 primary

172.20.52.2 added to TACACS server table as primary server.

Console> (enable) set tacacs server 172.20.52.10

172.20.52.10 added to TACACS server table as backup server.

Console> (enable)

Console> (enable) show tacacs

Login Authentication: Console Session Telnet Session

--------------------- ---------------- ----------------

tacacs disabled disabled

radius disabled disabled

local enabled(primary) enabled(primary)

Enable Authentication: Console Session Telnet Session

---------------------- ----------------- ----------------

tacacs disabled disabled

radius disabled disabled

local enabled(primary) enabled(primary)

Tacacs key:

Tacacs login attempts: 3

Tacacs timeout: 5 seconds

Tacacs direct request: disabled

Tacacs-Server Status

---------------------------------------- -------

172.20.52.3

172.20.52.2 primary

172.20.52.10

Console> (enable)

Enabling TACACS+ Authentication

Note Specify at least one TACACS+ server before enabling TACACS+ authentication on the switch. For

information on specifying a TACACS+ server, see the “Specifying TACACS+ Servers” section on

page 39-19.

You can enable TACACS+ authentication for login and enable access to the switch. If desired, you can

use the console and telnet keywords to specify that TACACS+ authentication is used only on the console

or Telnet connections. If you are using both RADIUS and TACACS+, you can use the primary keyword

to force the switch to try TACACS+ authentication first.

Task Command

Step 1

Specify the IP address of one or more TACACS+

servers.

set tacacs server ip_addr [primary]

Step 2

Verify the TACACS+ configuration. show tacacs

Table of Contents

Related product manuals

Preview: Cisco WS-C6509

Preview: Cisco WS-C2950-24

Cisco WS-C2950-24

Preview: Cisco WS-C2950-12

Cisco WS-C2950-12

Cisco WS-C2940-8TT-S

Preview: Cisco WS-C3750-48PS-S

Cisco WS-C3750-48PS-S

Cisco WS-C2948G-GE-TX

Preview: Cisco WS-C3560-48PS-S

Cisco WS-C3560-48PS-S

Preview: Cisco WS-C2960L-8TS-LL

Cisco WS-C2960L-8TS-LL

Preview: Cisco WS-C3560E-24PD-E

Cisco WS-C3560E-24PD-E

Cisco WS-C3750G-48PS-S

Preview: Cisco WS-C2960L-24TS-LL

Cisco WS-C2960L-24TS-LL

Preview: Cisco Catalyst WS-C3850-24T-L

Cisco Catalyst WS-C3850-24T-L