Specifications
4-23
Cisco Global Site Selector Administration Guide
OL-5480-01
Chapter 4 Managing GSS User Accounts Through a TACACS+ Server
Specifying TACACS+ Authentication of the GSS
Specifying TACACS+ Authentication of the GSS
After you identify a TACACS+ server, enable the TACACS+ authentication
service on the GSS. Use the aaa authentication command to enable TACACS+
authentication for a specific access method. By default, the GSS falls back to local
authentication with either the console port or a Telnet connection if the GSS
cannot remotely contact a TACACS+ server. Optionally, you can specify local
authentication if TACACS+ authentication fails for an FTP, GUI, or SSH
connection.
Note Ensure that you enable remote access on the GSS device (SSH, Telnet, or FTP)
before you enable TACACS+ authentication for the specific GSS access method.
Refer to the Cisco Global Site Selector Getting Started Guide for details.
The syntax for this global configuration command is:
aaa authentication {ftp | gui | login | ssh} [local]
The options for this global configuration command are:
• ftp—Enables the TACACS+ authentication service for a File Transfer
Protocol (FTP) remote access connection.
• gui—Enables the TACACS+ authentication service for a primary GSSM GUI
connection.
• login—Enables the TACACS+ authentication service for the login service,
using either a direct connection to the GSS console port or through a Telnet
remote access connection.
• ssh—Enables the TACACS+ authentication service for a Secure Shell (SSH)
remote access connection.
• local—(Optional) Used when you want the GSS to fall back to local
authentication if TACACS+ authentication fails for an FTP, GUI, or SSH
connection. The local option is always enabled for the login (console port or
Telnet) access method.
For example, to enable TACACS+ authentication for an SSH remote access
connection with fallback to local authentication, enter:
gss1.example.com(config)# aaa authentication ssh local