Configuring TACACS+ on the switch

Access options

Following is a set of access options and the corresponding commands to configure them:

console login (operator or read-only) access, primary using TACACS+ server and secondary access using local.
switch (config)# aaa authentication console login tacacs local
console enable (manager or read/write) access, primary using TACACS+ server and secondary using local.
switch (config)# aaa authentication console enable tacacs local
Telnet login (operator or read-only) access, primary using TACACS+ server and secondary using local.
switch (config)# aaa authentication Telnet login tacacs local
Telnet enable (manager or read/write) access, primary using TACACS+ server and secondary using local.
switch (config)# aaa authentication telnet enable tacacs local
ssh login (operator or read-only) access, primary using TACACS+ server and secondary using local.
switch (config)# aaa authentication ssh login tacacs local
ssh enable (operator or read-only) access, primary using TACACS+ server and secondary using local.
switch (config)# aaa authentication ssh enable tacacs local
rest login (operator or read-only) access, primary using TACACS+ server and secondary using local.
switch (config)# aaa authentication rest login tacacs local
rest enable (operator or read-only) access, primary using TACACS+ server and secondary using local.
switch (config)# aaa authentication rest enable tacacs local
deny access and close the session after failure of two consecutive user name/password pairs
switch (config)# aaa authentication num-attempts 2