User's Manual

ManualsBrandsCisco Systems ManualsWelding SystemCisco Systems IOS Software 0L-11350-01

301

302

303

304

305

306

307

308

309

310

13-27

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter 13 Configuring RADIUS and TACACS+ Servers

Configuring and Enabling TACACS+

To disable AAA, use the no aaa new-model global configuration command. To disable AAA

authentication, use the no aaa authentication login {default | list-name} method1 [method2...] global

configuration command. To either disable TACACS+ authentication for logins or to return to the default

value, use the no login authentication {default | list-name} line configuration command.

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services

AAA authorization limits the services available to an administrator. When AAA authorization is

enabled, the access point uses information retrieved from the administrator’s profile, which is located

either in the local user database or on the security server, to configure the administrator’s session. The

administrator is granted access to a requested service only if the information in the administrator profile

allows it.

You can use the aaa authorization global configuration command with the tacacs+ keyword to set

parameters that restrict an administrator’s network access to privileged EXEC mode.

Step 3

aaa authentication login {default |

list-name} method1 [method2...]

Create a login authentication method list.

• To create a default list that is used when a named list is not specified

in the login authentication command, use the default keyword

followed by the methods that are to be used in default situations. The

default method list is automatically applied to all interfaces.

• For list-name, specify a character string to name the list you are

creating.

• For method1..., specify the actual method the authentication

algorithm tries. The additional methods of authentication are used

only if the previous method returns an error, not if it fails.

Select one of these methods:

• line—Use the line password for authentication. You must define a

line password before you can use this authentication method. Use the

password password line configuration command.

• local—Use the local username database for authentication. You must

enter username information into the database. Use the username

password global configuration command.

• tacacs+—Uses TACACS+ authentication. You must configure the

TACACS+ server before you can use this authentication method.

Step 4

line [console | tty | vty] line-number

[ending-line-number]

Enter line configuration mode, and configure the lines to which you want

to apply the authentication list.

Step 5

list-name}

Apply the authentication list to a line or set of lines.

• If you specify default, use the default list created with the aaa

authentication login command.

• For list-name, specify the list created with the aaa authentication

Step 6

end Return to privileged EXEC mode.

Step 7

show running-config Verify your entries.

Step 8

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose