Providing User Access Security | 1359Providing User Access SecurityThis chapter contains the following major sections:• Choosing a TACACS+ Server and Authentication Method• Configuring TACACS+ Server Connection Options on page 137• Configuring a RADIUS Connection on page 138• Enabling Secure Management with SSH on page 140SFTOS supports several user-access security methods to the switch, including local (see Creating a Userand Password on page 36), port security (IEEE 802.1X) through RADIUS and Terminal Access ControllerAccess Control System (TACACS+), and encrypted transport session (between the management stationand switch) using Secure Shell (SSH). This chapter describes how to configure each of those methods.For more on port security configuration (including MD5), see the Security deck of the S-Series Trainingslides, which are on the S-Series Documentation CD-ROM.Choosing a TACACS+ Server and Authentication MethodTo use TACACS+ to authenticate users, you specify at least one TACACS+ server with which the S-Serieswill communicate, then identify TACACS+ as one of your authentication methods. To select TACACS asthe login authentication method, use the following command sequence:Step Command SyntaxCommandMode Purpose1 tacacs-server host ip-address Global Config Configure a TACACS+ server host. Enter the IPaddress or host name of the TACACS+ server. You canuse this command multiple times to configure multipleTACACS+ server hosts.1 exit TACACSConfigReturn to Global Config mode. Alternatively, whileyou are still in TACACS Config mode, you can setvalues for server-specific parameters, such as priority,key, and timeout. See Configuring TACACS+ ServerConnection Options on page 137.2 authentication login listname{method1 [method2 [method3]]}Global Config Create a method-list name and specify that TACACS isone method for login authentication.3 users defaultlogin listname Global Config Assign a method list to use to authenticatenon-configured users when they attempt to log in tothe system.