Cisco Gigabit Ethernet Switch Module for HP p-Class BladeSystem Software Configuration Guide

Contents

380261-003

Setting or Changing a Static Enable Password 5-3

Protecting Enable and Enable Secret Passwords with Encryption 5-3

Disabling Password Recovery 5-5

Setting a Telnet Password for a Terminal Line 5-6

Configuring Username and Password Pairs 5-6

Configuring Multiple Privilege Levels 5-7

Setting the Privilege Level for a Command 5-8

Changing the Default Privilege Level for Lines 5-9

Logging into and Exiting a Privilege Level 5-9

Controlling Switch Access with TACACS+ 5-10

Understanding TACACS+ 5-10

TACACS+ Operation 5-12

Configuring TACACS+ 5-12

Default TACACS+ Configuration 5-13

Identifying the TACACS+ Server Host and Setting the Authentication Key 5-13

Configuring TACACS+ Login Authentication 5-14

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 5-16

Starting TACACS+ Accounting 5-17

Displaying the TACACS+ Configuration 5-17

Controlling Switch Access with RADIUS 5-17

Understanding RADIUS 5-18

RADIUS Operation 5-19

Configuring RADIUS 5-19

Default RADIUS Configuration 5-20

Identifying the RADIUS Server Host 5-20

Configuring RADIUS Login Authentication 5-23

Defining AAA Server Groups 5-25

Configuring RADIUS Authorization for User Privileged Access and Network Services 5-27

Starting RADIUS Accounting 5-28

Configuring Settings for All RADIUS Servers 5-29

Configuring the Switch to Use Vendor-Specific RADIUS Attributes 5-29

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 5-31

Displaying the RADIUS Configuration 5-31

Controlling Switch Access with Kerberos 5-32

Understanding Kerberos 5-32

Kerberos Operation 5-34

Authenticating to a Boundary Switch 5-34

Obtaining a TGT from a KDC 5-35

Authenticating to Network Services 5-35