Configuring Authentication, Authorization, and Accounting 183
aaa authentication enable “tacp”
tacacs-server host 1.2.3.4
key “secret”
exit
line telnet
login authentication tacplus
enable authentication tacp
exit
The following describes each line in the above configuration:
•The
aaa authentication login “tacplus” tacacs
command creates a login authentication list called “tacplus” that contains
the method tacacs. If this method returns an error, the user will fail to
login.
•The
aaa authentication enable “tacp” tacacs
command
creates an enable authentication list called “tacp” that contains the
method tacacs. If this method fails, then the user will fail to execute the
enable command.
•The
tacacs-server host 1.2.3.4
command is the first step in
defining a TACACS+ server at IP address 1.2.3.4. The result of this
command is to place the user in tacacs-server mode to allow further
configuration of the server.
•The
key “secret”
command defines the shared secret. This must be
the same as the shared secret defined on the TACACS+ server.
•The
line telnet
command enters the configuration mode for the
telnet line.
•The
login authentication tacplus
command assigns the
tacplus login authentication method list to be used for users accessing the
switch via telnet.
•The
enable authentication tacp
command assigns the tacp
enable authentication method list to be used for users executing the
enable command when accessing the switch via telnet.
NOTE: A user logging in with this configuration would be placed in User EXEC
mode with privilege level 1. To access Privileged EXEC mode with privilege level 15,
use the enable command.
To Next Page
Loading...
