Configuring tacacs+ login authentication – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Page 435


Rockwell Automation Publication 1783-UM006A-EN-P - May 2014


Configuring RADIUS and TACACS+ Servers

Chapter 14

aaa group server tacacs+ group-name

5. (Optional) Associate a particular TACACS+ server with the defined server group. Repeat this step for each TACACS+ server in the AAA server group. Each server in the group must be previously defined in Step 2.

server ip-address

6. Return to privileged EXEC mode.

end

7. Verify your entries.

show tacacs

8. (Optional) Save your entries in the configuration file.

copy running-config startup-config

To remove the specified TACACS+ server name or address, use the no tacacs-server host hostname global configuration command.

To remove a server group from the configuration list, use the no aaa group server tacacs+ group-name global configuration command.

To remove the IP address of a TACACS+ server, use the no server ip-address server group subconfiguration command.

Configuring TACACS+ Login Authentication

To configure AAA authentication, you define a named list of authentication methods and then apply that list to various interfaces. The method list defines the types of authentication and the sequence in which they are performed; it must be applied to a specific interface before any of the defined authentication methods are performed. The only exception is the default method list (which, by coincidence, is named default). The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined. A defined method list overrides the default method list.

A method list describes the sequence and authentication methods to be queried to authenticate an administrator. You can designate one or more security protocols to be used for authentication, thus ensuring a backup system for authentication in case the initial method fails. The software uses the first method listed to authenticate users; if that method fails to respond, the software selects the next authentication method in the method list.

This process continues until there is successful communication with a listed authentication method or until all defined methods are exhausted. If authentication fails at any point in this cycle, meaning that the security server or local username database responds by denying the administrator access, the authentication process stops, and no other authentication methods are attempted.
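The fallback rule described above (a method that does not respond is skipped, a method that answers ends the walk) is easy to misread as "either the server password or the local password works". The following added Python model, not code from the manual or from the access point firmware, shows the distinction: the TACACS+ group and the local database are constructed stand-ins, and the method names and account values are assumptions.

```python
from enum import Enum
from typing import Callable, Dict, List, Tuple

class Result(Enum):
    PASS = "pass"    # the method accepted the credentials
    FAIL = "fail"    # the method answered and denied access
    ERROR = "error"  # the method did not respond (e.g. server unreachable)

# An authentication method takes (user, password) and returns a Result.
Method = Callable[[str, str], Result]

def authenticate(method_list: List[Tuple[str, Method]],
                 user: str, password: str) -> Tuple[str, List[str]]:
    """Walk the method list in the configured order.

    ERROR (no response) -> consult the next method in the list.
    PASS or FAIL        -> stop immediately; later methods are never asked.
    Returns the outcome and a trace of which methods were consulted.
    """
    trace: List[str] = []
    for name, method in method_list:
        result = method(user, password)
        trace.append(f"{name}:{result.value}")
        if result is Result.ERROR:
            continue            # fall through to the backup method
        return result.value, trace
    return "error", trace       # every method was exhausted without an answer

def tacacs_group(reachable: bool, accounts: Dict[str, str]) -> Method:
    """Constructed stand-in for an AAA TACACS+ server group."""
    def method(user: str, password: str) -> Result:
        if not reachable:
            return Result.ERROR
        return Result.PASS if accounts.get(user) == password else Result.FAIL
    return method

def local_database(accounts: Dict[str, str]) -> Method:
    """Constructed stand-in for the local username database (always answers)."""
    def method(user: str, password: str) -> Result:
        return Result.PASS if accounts.get(user) == password else Result.FAIL
    return method

# Constructed sample accounts: the server and the local database hold
# different passwords for the same administrator.
TACACS_ACCOUNTS = {"admin": "tacacs-secret"}
LOCAL_ACCOUNTS = {"admin": "local-secret"}

def login(tacacs_reachable: bool, user: str, password: str) -> Tuple[str, List[str]]:
    """Method list equivalent to 'group tacacs+' followed by 'local'."""
    methods = [("tacacs+", tacacs_group(tacacs_reachable, TACACS_ACCOUNTS)),
               ("local", local_database(LOCAL_ACCOUNTS))]
    return authenticate(methods, user, password)
```

With the server reachable, the local password is rejected by the server and the walk stops there; only when the server does not answer is the local database consulted.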
