Switch Authentication Via TACACS
If TACACS server communication fail , The local login will work
*******************************************************************
hostname CORE_SWITCH
!
!
enable password 7 XXXXXXX
!
username ADMIN privilege 15 password 7 XXXXXXXXXXXXXX
username NOC privilege 7 password 7 XXXXXXXXXXXXXXXX
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
interface Vlan100
ip address 10.100.100.254 255.255.255.0
standby 1 ip 10.X.X.X
standby 1 priority 150
standby 1 preempt
ip tacacs source-interface Vlan100
tacacs-server host 105.106.106.40
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXXXX
radius-server source-ports 1645-1646
line con 0
privilege level 15
password 7 XXXXXXXX
stopbits 1
line vty 0 4
password 7 XXXXXXXXX
line vty 5 15
password 7 XXXXXXXXX
!
No comments:
Post a Comment