White Paper Issue: October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 45 / 47
Step 2: Configure the SB9
! SB9 Configuration for TACACS+
!
! Create a authentication list
! authenticatio will be done agains TACACS, if the server
! does not respond, it will be done locally
authentication login TACACS tacacs local reject
!
! bind the authentication list to all users, which are
! not locally.
username defaultlogin TACACS
! Enable TACACS
Tacacs
! Set the shared key for server 1
tacacs key 1 0 fsc
! Set the IP address of server 1
tacacs server-ip 1 10.222.0.21
! Define the server 1 as master
tacacs mode 1 master 1
! Since all users which are authenticated by TACACS+ are read-only
! user, it’s important to set the enable password which is not seen in
! the configuration file
enable passwd
Step 3: Test the login
C:\> telnet bx6-sb9-b
! Test a login with correct username but wrong password
(bx6-sb9-b)
User:test-ro
Password: WRONG
! Test a login with correct username and password
User:test-ro
Password:test-ro
(bx6-sb9-b) >
At the ACS you can see the failed and successful attempts:
View the failed
attempts