39-47
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 39 Configuring the Switch Access Using AAA
Configuring Authorization on the Switch
TACACS+ Authorization Configuration Guidelines
This section describes the guidelines for configuring TACACS+ authorization on the switch:
• TACACS+ authorization is disabled by default.
• Authorization configuration applies to console connections, Telnet connections, or both types of
connections.
• You must specify the mode, option, fallback option, and connection type when enabling
authorization.
• Configure the RADIUS and TACACS+ servers before enabling authorization. See the “Specifying
TACACS+ Servers” section on page 39-19 or the “Specifying RADIUS Servers” section on
page 39-26 for more information on the server setup.
• Configure the RADIUS and TACACS+ keys to encrypt the protocol packets before enabling
authorization. See the “Specifying the TACACS+ Key” section on page 39-21 or the “Specifying the
RADIUS Key” section on page 39-26 for more information on the key setup.
Configuring TACACS+ Authorization
These sections describe how to configure TACACS+ authorization on the switch:
• Enabling TACACS+ Authorization, page 39-47
• Disabling TACACS+ Authorization, page 39-49
Enabling TACACS+ Authorization
To enable TACACS+ authorization on the switch, perform this task in privileged mode:
Task Command
Step 1
Enable authorization for normal mode. Enter the
console or telnet keyword if you want to enable
authorization only for the console port or Telnet
connection attempts. Enter the both keyword to
enable authorization for both console port and
Telnet connection attempts.
set authorization exec enable
{option}{fallbackoption} [console | telnet | both]
Step 2
Enable authorization for enable mode. Enter the
console or telnet keyword if you want to enable
authorization only for the console port or Telnet
connection attempts. Enter the both keyword to
enable authorization for both console port and
Telnet connection attempts.
set authorization enable enable {option}
{fallbackoption} [console | telnet | both]
Step 3
Enable authorization of the configuration
commands. Enter the console or telnet keyword if
you want to enable authorization only for the
console port or Telnet connection attempts. Enter
the both keyword to enable authorization for both
console port and Telnet connection attempts.
set authorization commands enable {config |
all} {option}{fallbackoption} [console | telnet |
both]
Step 4
Verify the TACACS+ authorization configuration. show authorization
To Next Page
Loading...
Need help?
General