Initial Switch Configuration
Assign Initial Management Information
20
Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series
Configure SNMP for Remote Management
Step 4
Enable Simple Network Management Protocol (SNMP) to allow the network infrastructure devices to
be managed by a remote Network Management System (NMS). Configure SNMPv2c read-only and
read-write community strings, as shown in the following example. Once SNMP community strings are
configured, then SNMP tools can be used to monitor the 3850 which includes statistics.
Configure Local Login and Password for Switch Access
Step 5
Configure a local user ID and password to secure access to the switch.
We recommend that you encrypt passwords to secure access to the device configuration mode and
prevent the display of plain text passwords in configuration files.
Configure Centralized User Authentication Through
Note
Configuring the protocol is optional and recommended only when using TACACS to manage
all of your network devices.
Step 6
Configure centralized user authentication through the protocol.
As networks increase the number of devices to maintain, there is an operational burden to maintain local
user accounts on every device. A centralized authentication, authorization, and accounting (AAA)
service reduces operational tasks on each device and provides an audit log of user access for security
compliance and root-cause analysis. When AAA is enabled for access control, all management access to
the network infrastructure devices (SSH and HTTPS) is controlled by the AAA service.
is the primary protocol used to authenticate management infrastructure devices to determine
whether access can be allowed to the AAA server. A local AAA user database defined on each network
infrastructure device to provide a fallback authentication source in case the centralized server
is unavailable.
This example shows how to configure the switch for TACACS administrative access.
