Chapter 39
Configuring the Switch Access Using AAA
To clear all the Kerberos credentials, perform this task in privileged mode:
Task
Clear all the credentials.
This example shows how to clear all the Kerberos credentials from the switch:
Console> (enable) clear kerberos creds
Console> (enable)
Authentication Example
Figure 39-3
In this example, TACACS+ authentication is enabled and local authentication is disabled for both the
login and enable access to the switch for all Telnet connections. When Workstation A attempts to
connect to the switch, the user is challenged for a TACACS+ username and password.
However, only local authentication is enabled for both the login and enable access on the console port.
Any user with access to the directly connected terminal can access the switch using the login and enable
passwords.
Figure 39-3
TACACS+
172.20.52.10
Workstation A
This example shows how to configure the switch so that TACACS+ authentication is enabled for Telnet
connections, local authentication is enabled for the console connections, and a TACACS+ encryption key
is specified:
Console> (enable) show tacacs
Tacacs key:
Tacacs login attempts: 3
Tacacs timeout: 5 seconds
Tacacs direct request: disabled
Tacacs-Server
----------------------------------------
OL-8978-04
shows a simple network topology using TACACS+.
TACACS+ Example Network Topology
server
Switch
Command
clear kerberos creds
Console port
connection
Terminal
Status
-------
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Configuring Authentication on the Switch
39-43