TACACS+ Authentication 
Overview 
Feature                                                  Default   Menu  CLI        Web
view the switch’s authentication configuration           n/a       —     page 5-9   —
view the switch’s TACACS+ server contact configuration   n/a       —     page 5-10  —
configure the switch’s authentication methods            disabled  —     page 5-11  —
configure the switch to contact TACACS+ server(s)        disabled  —     page 5-15  —
TACACS+ authentication enables you to use a central server to allow or deny 
access to the switches covered by this guide (and other TACACS-aware 
devices) in your network. This means that you can use a central database to 
create multiple unique username/password sets with associated privilege 
levels for use by individuals who have reason to access the switch from either 
the switch’s console port (local access) or Telnet (remote access). 
[Figure: Terminal "A" directly accesses the switch via the switch’s console
port, and Terminal "B" remotely accesses the switch via Telnet. The Series
5300xl, 3400cl, or 6400cl switch, configured for TACACS+ operation, sends
each access request to the primary TACACS+ server and receives the TACACS
server response. A1 - A4: path for request from Terminal A (through console
port). B1 - B4: path for request from Terminal B (through Telnet).]
The switch passes the login requests from terminals A and B to the TACACS+
server for authentication. The TACACS+ server determines whether to allow
access to the switch and what privilege level to allow for a given access
request.
Figure 5-1. Example of TACACS+ Operation 
TACACS+ in the switches covered by this guide manages authentication of 
logon attempts through either the Console port or Telnet. TACACS+ uses an 
authentication hierarchy consisting of (1) remote passwords assigned in a 
TACACS+ server and (2) local passwords configured on the switch. That is, 
with TACACS+ configured, the switch first tries to contact a designated 