Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring Switch Authentication Features (Rev. 03)
Terminal Access Controller Access Control System Plus (TACACS+)
© 2008 Foundry Networks, Inc.
# (Changes automatically to 0, see "User Privilege Levels" chapter)
NOTE
Privilege levels in the configuration file (0-15) are arranged in
ascending order, from 0 for the lowest privilege (Guest level) to 15 for the highest
privilege (an Administrator). Compatibility with the internal privilege scheme
is maintained automatically: the level received from the configuration file for a
user being authorized is reversed internally so that it matches the internal
privilege scheme.
Switch Configuration Example
1. Set the server host and key:
device-name#configure terminal
device-name(config)#tacacs-server host 10.2.42.137
device-name(config)#tacacs-server key TacacsPlus
2. Add a local user with username of ivo and password ivo123:
device-name(config)#username ivo password ivo123 ivo123 group users
3. Add a local user with username of root and password rtpsw:
device-name(config)#username root password rtpsw rtpsw group administrators
4. Begin the authentication process:
device-name(config)#aaa authentication login default local
device-name(config)#exit
5. Display the configuration:
device-name#show running-config
Building the configuration ...
! Current Configuration:
!
!
! Router Manager Configuration:
password a1h8RRzG11d4U
tacacs-server host 10.2.42.137
tacacs-server key TacacsPlus
username ivo
password a1Zbrvn5zHxqI
username root
password a1tF2Q8HP4CMc
aaa authentication login default local
!
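An added example, not part of the Foundry manual: a small Python audit of the running-config output above that flags the TACACS+ shared key displayed in readable form, a login method list that names only local, and password values that share the same two-character prefix. The function name audit, the finding codes, and the reading of the 13-character values as crypt(3)-style hashes with a two-character salt are assumptions.

```python
import re
from collections import Counter

# Input copied from the "show running-config" output above.
RUNNING_CONFIG = """\
! Router Manager Configuration:
password a1h8RRzG11d4U
tacacs-server host 10.2.42.137
tacacs-server key TacacsPlus
username ivo
password a1Zbrvn5zHxqI
username root
password a1tF2Q8HP4CMc
aaa authentication login default local
"""

# Assumption: a 13-character value over [./0-9A-Za-z] is a traditional
# crypt(3)-style hash whose first two characters are the salt.
CRYPT_LIKE = re.compile(r"^[./0-9A-Za-z]{13}$")


def audit(config):
    """Return (code, detail) findings; details never echo secret values."""
    findings, salts = [], Counter()
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if words[:2] == ["tacacs-server", "key"] and len(words) == 3:
            if not CRYPT_LIKE.match(words[2]):
                findings.append(("CLEARTEXT_KEY", "TACACS+ shared key is readable in the config"))
        elif words[0] == "password" and len(words) == 2:
            if CRYPT_LIKE.match(words[1]):
                salts[words[1][:2]] += 1
            else:
                findings.append(("CLEARTEXT_PASSWORD", "password is not stored as a hash"))
        elif words[:3] == ["aaa", "authentication", "login"]:
            if words[4:] == ["local"]:
                findings.append(("LOCAL_ONLY", "login method list names only 'local'"))
    for salt, count in salts.items():
        if count > 1:
            findings.append(("SHARED_SALT", f"{count} hashes share salt prefix '{salt}'"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(RUNNING_CONFIG):
        print(f"{code}: {detail}")
```

The length-based hash test is a heuristic: a readable key or password that happens to be 13 characters long would not be flagged.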
Configuration Results
If the user tries to access the device using username tech, the result will be ACCEPT:
Username: tech
Password:
device-name>show privilege
Current user privilege is Technician
If the user tries to access the device using username richy, the result will be REJECT: