TACACS+ Authentication
Configuring TACACS+ on the Switch
[< local | none >]
If the primary authentication method fails, determines
whether to use the local password as a secondary method
or to disallow access.
aaa authentication num-attempts < 1-10 >
Specifies the maximum number of login attempts allowed in
the current session. Default: 3
Table 4-1. AAA Authentication Parameters
Name Default Range Function
console, Telnet,
SSH, web or port-
access
n/a n/a Specifies the access method used when authenticating. TACACS+
authentication only uses the console, Telnet or SSH access methods.
enable n/a n/a Specifies the Manager (read/write) privilege level for the access
method being configured.
login <privilege-
mode>
privilege-mode
disabled
n/a login: Specifies the Operator (read-only) privilege level for the
access method being configured.
The privilege-mode option enables TACACS+ for a single login. The
authorized privilege level (Operator or Manager) is returned to the
switch by the TACACS+ server.
local
- or -
tacacs
local n/a Specifies the primary method of authentication for the access
method being configured.
local: Use the username/password pair configured locally in the
switch for
the privilege level being configured
tacacs: Use a TACACS+ server.
local
none n/a Specifies the secondary (backup) type of authentication being
- or -
configured.
none
local: The username/password pair configured locally in the switch
for the
privilege level being configured
none: No secondary type of authentication for the specified
method/privilege path. (Available only if the primary method of
authentication for the access being configured is local.)
Note: If you do not specify this parameter in the command line, the
switch automatically assigns the secondary method as follows:
• If the primary method is
tacacs, the only secondary method is
local.
• If the primary method is
local, the default secondary method is
none.
num-attempts 3 1 - 10 In a given session, specifies how many tries at entering the correct
username/password pair are allowed before access is denied and
the session terminated.
4-12
To Next Page
Loading...
