|
| ||||
 |
|
Home | Reviews | Tools | Forums | FAQs | Find Service | ISP News | Maps | About |
|
how-to block ads |
Suggested prerequisite reading »Cisco Forum FAQ »Secure and Monitor Network Access with AAA (TACACS/RADIUS) and Privilege Level Notice If the switches are IOS-based ones, then you can implement AAA command set in the following FAQ since the sets are applicable to any IOS-based Cisco devices including switches. »Cisco Forum FAQ »Securing access to routers with AAA commands When the switches are Catalyst-OS based, then you can implement the following command set that would provide similar effect to the Sample #3 of the FAQ. AAA command set with external TACACS server set password [ENTER LOGIN PASSWORD HERE] set enablepass [ENTER ENABLE PASSWORD HERE] ! #Local User set localuser user [ENTER USERNAME HERE] password [ENTER YOUR PASSWORD HERE] privilege [ENTER PRIVILEGE LEVEL HERE] ! #tacacs+ set tacacs server [ENTER TACACS+ SERVER IP ADDRESS HERE] primary set tacacs key [ENTER TACACS+ SERVER AUTHENTICATING KEY HERE] ! #authentication set authentication login tacacs enable console primary set authentication login tacacs enable telnet primary set authentication login tacacs enable http primary set authentication enable tacacs enable console primary set authentication enable tacacs enable telnet primary set authentication enable tacacs enable http primary ! #authorization set authorization exec enable tacacs+ none console set authorization exec enable tacacs+ none telnet set authorization commands enable enable tacacs+ none console set authorization commands enable enable tacacs+ none telnet ! #accounting set accounting exec enable start-stop tacacs+ set accounting connect enable start-stop tacacs+ set accounting commands enable enable stop-only tacacs+ Notes: * When the TACACS+ server fails or is unreachable, local credential is used as backup. * The sample configuration uses the "telnet" parameter which applies to both telnet and ssh remote access since there is no specific "ssh" parameter
 got feedback?by aryoba | |||||
| Tuesday, 21-May 16:04:39 | Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo over 13.5 years online © 1999-2013 dslreports.com. |
