Note: the key string ‘mykey’ is used to encrypt the session. It should be known only to the server and the switch.

Switch(config)# tacacs-server host 10.1.1.10 key mykey

Note: when the TACACS+ server becomes unreachable, the switch uses its local database for authentication.

Switch(config)# aaa authentication login myauth group tacacs+ local

You need to configure a username and password on the AAA server as well, which can be different from the local username and password.

Note: this is a username and password set up in the switch’s local database.

Switch(config)# username cisco password cisco

The following are the three generic steps:

To use AAA, you need to enable it and then connect it to an AAA service hosted on a server. Cisco switches can implement AAA functionality with either the TACACS+ protocol (Cisco proprietary) or the RADIUS protocol. AAA functionality in a Cisco switch can be used as a centralized solution to secure and control user access to switches.
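
A configuration check for the commands above, added here as an example and not part of the original page: it reads an IOS-style config and reports AAA left disabled, a TACACS+ method list with no local fallback, a named list that no line references, local users defined with "password" instead of "secret", and a short clear-text shared key. The function name audit_aaa, the finding codes, the 16-character key policy, and the "aaa new-model" and "line vty" lines in the sample are assumptions, not content from the page.

```python
import re

# Constructed sample: the three commands from this page, plus "aaa new-model"
# and a vty block, which are assumptions and not shown on the page.
SAMPLE_CONFIG = """\
aaa new-model
username cisco password cisco
aaa authentication login myauth group tacacs+ local
tacacs-server host 10.1.1.10 key mykey
line vty 0 4
 transport input ssh
"""

MIN_KEY_LEN = 16  # assumed local policy, not a Cisco requirement


def audit_aaa(config):
    """Return sorted finding codes for an IOS-style configuration text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = set()
    if "aaa new-model" not in lines:
        findings.add("AAA_NOT_ENABLED")
    applied = {m.group(1) for ln in lines
               if (m := re.fullmatch(r"login authentication (\S+)", ln))}
    for ln in lines:
        if m := re.fullmatch(r"aaa authentication login (\S+) (.+)", ln):
            name, methods = m.group(1), m.group(2).split()
            # Without "local" nobody can log in while the server is unreachable.
            if "tacacs+" in methods and "local" not in methods:
                findings.add("NO_LOCAL_FALLBACK:" + name)
            # A named list has no effect until a line references it.
            if name != "default" and name not in applied:
                findings.add("LIST_NOT_APPLIED:" + name)
        elif m := re.fullmatch(r"username (\S+) password (.+)", ln):
            # "password" keeps a clear or reversible value; "secret" stores a hash.
            findings.add("USER_NOT_SECRET:" + m.group(1))
            if m.group(2).split()[-1] == m.group(1):
                findings.add("USER_PASSWORD_IS_USERNAME:" + m.group(1))
        elif m := re.fullmatch(r"tacacs-server host \S+ key (?:0 )?(\S+)", ln):
            # Only clear-text keys are measured; encoded keys do not match.
            if len(m.group(1)) < MIN_KEY_LEN:
                findings.add("SHORT_TACACS_KEY")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```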