Specifications

Core Layer April 2014
97
Caution: If you configure an access-list on the vty interface, you may lose the ability to use SSH
to log in from one device to the next for hop-by-hop troubleshooting.
Step 10: Configure local login and password.
The local login account and password provide basic device access authentication to view platform operation.
The enable password secures access to the device configuration mode. By enabling password encryption, you
prevent the use of plain text passwords when viewing configuration files. The aaa new-model command enables
new access control commands and functions, and causes the local username and password on the router to be
used in the absence of other AAA statements.
username admin password [password]
enable secret [secret password]
service password-encryption
aaa new-model
By default, https access to the switch will use the enable password for authentication.
Step 11: If you want to reduce operational tasks per device, configure centralized user authentication by using
the TACACS+ protocol to authenticate management logins on the infrastructure devices to the AAA server.
As networks scale in the number of devices to maintain, there is an operational burden to maintain local user
accounts on every device. A centralized AAA service reduces operational tasks per device and provides an audit
log of user access for security compliance and root cause analysis. When AAA is enabled for access control, all
management access to the network infrastructure devices (SSH and HTTPS) is controlled by AAA.
TACACS+ is the primary protocol used to authenticate management logins on the infrastructure devices to
the AAA server. A local AAA user database is also defined on each network infrastructure device to provide a
fallback authentication source in case the centralized TACACS+ server is unavailable.
tacacs server TACACS-SERVER-1
address ipv4 10.4.48.15
key [secret key]
!
aaa group server tacacs+ TACACS-SERVERS
server name TACACS-SERVER-1
!
aaa authentication login default group TACACS-SERVERS local
aaa authorization exec default group TACACS-SERVERS local
aaa authorization console
ip http authentication aaa
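A configuration audit for the controls in Steps 10 and 11, added here as an example and not part of the Cisco guide or its tooling: it parses a constructed running-config excerpt (placeholder secrets, names taken from the steps above) and reports which controls are missing, including a TACACS+ method list that has lost its local fallback.

```python
import re

# Constructed sample configs (not captured from a real device): HARDENED mirrors
# Steps 10 and 11; WEAK drops the "local" fallback and leaves a cleartext user.
HARDENED = """\
username admin password 7 0822455D0A16
enable secret 5 $1$abcd$PLACEHOLDERHASHPLACEHOLDER
service password-encryption
aaa new-model
tacacs server TACACS-SERVER-1
 address ipv4 10.4.48.15
 key 7 PLACEHOLDER
aaa group server tacacs+ TACACS-SERVERS
 server name TACACS-SERVER-1
aaa authentication login default group TACACS-SERVERS local
aaa authorization exec default group TACACS-SERVERS local
aaa authorization console
ip http authentication aaa
"""
WEAK = HARDENED.replace(" local\n", "\n").replace("password 7 0822455D0A16", "password cisco")

def audit_aaa_config(config: str) -> dict:
    """Map each Step 10/11 control to True (present) or False (missing or misconfigured)."""
    # Only global-configuration lines matter here; indented sub-mode lines are skipped.
    top = [l.rstrip() for l in config.splitlines() if l and not l.startswith(" ")]
    has = lambda prefix: any(l.startswith(prefix) for l in top)
    groups = {m.group(1) for l in top if (m := re.match(r"aaa group server tacacs\+ (\S+)$", l))}
    def tacacs_then_local(prefix):
        # Method list must try a defined TACACS+ group first and end with "local",
        # so the device stays manageable when the AAA server is unreachable.
        for l in top:
            if l.startswith(prefix):
                m = l[len(prefix):].split()
                return len(m) == 3 and m[0] == "group" and m[1] in groups and m[2] == "local"
        return False
    def cleartext_user(l):
        m = re.match(r"username \S+ password (?:(\d+) )?\S+$", l)
        return bool(m) and m.group(1) in (None, "0")  # no type, or type 0, means cleartext
    return {
        "enable_secret": has("enable secret "),
        "service_password_encryption": has("service password-encryption"),
        "aaa_new_model": has("aaa new-model"),
        "login_tacacs_then_local": tacacs_then_local("aaa authentication login default "),
        "exec_tacacs_then_local": tacacs_then_local("aaa authorization exec default "),
        "console_authorization": has("aaa authorization console"),
        "http_uses_aaa": has("ip http authentication aaa"),
        "no_cleartext_usernames": not any(cleartext_user(l) for l in top),
    }

def failed_checks(config: str) -> list:
    return [name for name, ok in audit_aaa_config(config).items() if not ok]
```

Run `failed_checks` against a `show running-config` capture to list the controls a device is missing; an empty list means every Step 10/11 setting is present.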