Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Purple

tacacs on old 1924's

Whats the command to enable tacacs on initial login instead of having it go to the menu . We already have it for enable mode . Used to know this and there seems to be very limited info on CCO on this old switch. I believe it was just a single command to enable it.

1 REPLY
New Member

Re: tacacs on old 1924's

http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v9x/ee_scg/2addlfet.htm#xtocid11624

Configuring TACACS+

You must configure a TACACS+ server before enabling TACACS+ on the Catalyst 1900 or Catalyst 2820 switch.

To configure TACACS+, perform these steps in privileged mode from the CLI:

Task Command

Step 1 Enable TACACS+ authentication for login.

login tacacs

Step 2 Enable TACACS+ authentication for enable.

enable use-tacacs

Step 3 Configure the action to be taken when TACACS+ servers cannot be reached.

tacacs-server last-resort [password | succeed]

Step 4 Configure the key used to encrypt packets.

tacacs-server key key

Step 5 Configure the IP address of the TACACS+ server.

tacacs-server host hostaddress

Step 6 Configure the number of login attempts allowed to the TACACS+ server (optional).

tacacs-server attempts integer

Step 7 Set the timeout interval in which the server must respond (optional).

tacacs-server timeout seconds

Supported CLI Commands

The following TACACS+ commands are fully documented in the Catalyst 1900 Series and Catalyst 2820 Series Command Reference (online only):

enable use-tacacs

login tacacs

show tacacs

tacacs-server attempts

tacacs-server directed-request

tacacs-server host

tacacs-server key

tacacs-server last-resort

tacacs-server timeout

TACACS+ Example

The following example enables TACACS+ login authentication, configures a TACACS+ server at address 192.20.22.7, sets the server key to "I am cool," sets the maximum allowable login attempts to 3, and sets the server timeout to 5 seconds.

switch(config)# login tacacs

switch(config)# tacacs-server host 192.20.22.7

switch(config)# tacacs-server key "I am cool"

switch(config)# tacacs-server attempts 3

switch(config)# tacacs-server timeout 5

TACACS+ Verification

To verify the TACACS+ configuration settings, use the show tacacs command. After entering the command, you see this display:

switch# show tacacs

Enable use-tacacs:Enabled

Login tacacs:Enabled

Tacacs-server last-resort:password

Tacacs-server hosts:192.20.27.7

Tacacs-server key:I am cool

Tacacs-server login attempts:3

Tacacs-server timeout:5 seconds

Tacacs-server directed-request:Disabled

Note The tacacs-server key setting displays only in privileged Exec mode.

cisco.com/univercd is always your friend (even for the old stuff)

Scott

166
Views
0
Helpful
1
Replies