Although usernames and passwords can be configured directly on the network device, this configuration does not scale well. It is generally recommended that security be handled at a centralized location. This is commonly done using authentication, authorization, and accounting (AAA), which allows all facets of user security to be defined on a central server. The TACACS+ protocol provides detailed accounting information and administrative control over the authentication and authorization process. Cisco Secure will provide both AAA and TACACS+ services for network devices as well as remote access.

To configure basic authentication with TACACS+ on a switch, perform the following steps:
- Make sure there is a back door into the switch in case the server is down by issuing the command: set authentication login local enable
- Enable TACACS authentication by issuing the command: set authentication login tacacs enable
- Define the server by issuing the command: set tacacs server 10.1.1.10
- Define the server key. This is optional with TACACS+; it causes the switch-to-server data to be encrypted. If used, it must agree with the key configured on the server: set tacacs key cisco4me
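
Why the key in the last step must agree on both ends, shown as an added example that is not part of the original page or any Cisco code: it implements the MD5-based body obfuscation that RFC 8907 defines for TACACS+ and runs it with a matching and a mismatching key. The session ID and body are constructed sample values, the body is not a real TACACS+ body layout, and the function names are hypothetical.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int,
               seq_no: int, length: int) -> bytes:
    """MD5-chained pad from RFC 8907:
    MD5_1 = MD5(session_id | key | version | seq_no)
    MD5_n = MD5(session_id | key | version | seq_no | MD5_{n-1})
    concatenated and truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes,
              version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the packet body with the pad. The same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


# Constructed sample values (assumptions, not taken from a capture).
SESSION_ID = 0x1A2B3C4D
BODY = b"constructed body: user=admin, port=console"
SWITCH_KEY = b"cisco4me"  # the key from "set tacacs key cisco4me"


def server_view(switch_key: bytes, server_key: bytes) -> bytes:
    """What the server recovers when the switch sends BODY."""
    on_the_wire = obfuscate(BODY, SESSION_ID, switch_key)
    return obfuscate(on_the_wire, SESSION_ID, server_key)


if __name__ == "__main__":
    print("on the wire :", obfuscate(BODY, SESSION_ID, SWITCH_KEY).hex())
    print("keys agree  :", server_view(SWITCH_KEY, b"cisco4me"))
    print("keys differ :", server_view(SWITCH_KEY, b"cisco4ME"))
```

Only the packet body is covered by the pad; the 12-byte TACACS+ header, including the session ID used as pad input, travels in the clear.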

Lab Activity

In this lab activity, you will learn how to use Cisco Secure ACS security for controlled user access.