4-12
TACACS+ Authentication
Configuring TACACS+ on the Switch
Authentication Parameters
Table 4-1. AAA Authentication Parameters
Syntax: aaa authentication
< console | telnet | ssh | web | port-access >
Selects the access method for configuration.
< enable>
The server grants privileges at the Manager privilege
level.
<login [privilege-mode] >
The server grants privileges at the Operator privilege
level. If the privilege-mode option is entered, TACACS+ is
enabled for a single login. The authorized privilege level
(Operator or Manager) is returned to the switch by the
TACACS+ server.
Default: Single login disabled.
< local | tacacs | radius >
Selects the type of security access:
local — Authenticates with the Manager and Operator
password you configure in the switch.
tacacs — Authenticates with a password and other
data configured on a TACACS+ server.
radius — Authenticates with a password and other
data configured on a RADIUS server.
[< local | none >]
If the primary authentication method fails, determines
whether to use the local password as a secondary method
or to disallow access.
aaa authentication num-attempts < 1-10 >
Specifies the maximum number of login attempts allowed in
the current session. Default: 3
Name Default Range Function
console, Telnet,
SSH, web or port-
access
n/a n/a Specifies the access method used when authenticating. TACACS+
authentication only uses the console, Telnet or SSH access methods.
