39-51
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 39 Configuring the Switch Access Using AAA
Configuring Authorization on the Switch
Authorization Example
Figure 39-4 shows a simple network topology using TACACS+.
When Workstation A initiates a command on the switch, the switch registers a request with the
TACACS+ daemon. The TACACS+ daemon determines if the user is authorized to use the feature and
sends a response either executing the command or denying access.
Figure 39-4 TACACS+ Example Network Topology
In this example, TACACS+ authorization is enabled for enable mode access and for the configuration
commands to be entered on the switch over the Telnet and console connections:
Console> (enable) set authorization enable enable tacacs+ deny both
Successfully enabled enable authorization.
Console> (enable) set authorization commands enable config tacacs+ deny both
Successfully enabled commands authorization.
Console> (enable) show authorization
Telnet:
-------
Primary Fallback
------- --------
exec: tacacs+ deny
enable: tacacs+ deny
commands:
config: tacacs+ deny
all: - -
Console:
--------
Primary Fallback
------- --------
exec: tacacs+ deny
enable: tacacs+ deny
commands:
config: tacacs+ deny
all: - -
Console> (enable)
To Next Page
Loading...
