Operating notes, Troubleshooting tacacs+ operation, Operating notes -29 – IronPort Systems 4108GL User Manual

Page 183: Troubleshooting tacacs+ operation -29


Using Passwords and TACACS+ To Protect Against Unauthorized Access

TACACS+ Authentication for Central Control of Switch Access Security


Operating Notes

If you configure Authorized IP Managers on the switch, it is not
necessary to include any devices used as TACACS+ servers in the
authorized manager list. That is, authentication traffic between a
TACACS+ server and the switch is not subject to Authorized IP
Manager controls configured on the switch. Also, the switch does not
attempt TACACS+ authentication for a management station that the
Authorized IP Manager list excludes because, independent of
TACACS+, the switch already denies access to such stations.

When TACACS+ is not enabled on the switch—or when the switch’s
only designated TACACS+ servers are not accessible—setting a local
Operator password without also setting a local Manager password
does not protect the switch from manager-level access by
unauthorized persons.

Troubleshooting TACACS+ Operation

Event Log. When troubleshooting TACACS+ operation, check the switch’s
Event Log for indications of problem areas.

For specific troubleshooting help, see “TACACS-Related Problems” on page
18-9.
