Learn how to set and verify the login
authentication mode.
Before you begin
- You must have an admin role to perform this task.
- The TACACS+ host must be configured on the 9920
device.
About this task
The following procedure configures TACACS+
as the primary source of authentication and the local-auth-fallback as the secondary
source. (For additional information, see Client Configuration Parameters for TACACS+ Support. ) For complete
information on login authentication mode, refer to the aaa authentication command
in the
Extreme 9920 Software Command Reference,
21.1.0.0
.
Procedure
-
Run the configure terminal command to access
Config mode.
The command line changes
to configuration
mode.
device(config)#
-
Run the
aaa
authentication command with the following parameters.
device# configure terminal
device(config)# aaa authentication login tacacs+ local-auth-fallback
device(config)# aaa accounting commands default start-stop tacacs+
device(config)# tacacs-server host 1.2.3.4
device(config-tacacs-config)# plain-key testing123
Authentication is attempted first with the TACACS+ server. If that
fails, authentication is attempted with the local database.
-
Run the
show running-config
aaa command to display the configuration.
device(config-tacacs-config)# do show run
username testuser2 role user password $6$salt$cevuzTZ/QBjzuZG0/ebEeedmcTnhyM8ITUu8K032
➥Cp2XvIibq7voqYagm18bwpLBqrg/l/l6YxTmKKibJz5r10
tacacs-server host 1.2.3.4
encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BW
aaa authentication login tacacs+ local-auth-fallback
aaa accounting commands default start-stop tacacs+
interface ethernet 1/2
shutdown
interface ethernet 2/2
shutdown
-
Log in to the device using an account with TACACS+-only credentials to verify that TACACS+ is being used to authenticate the user.
