DGS-6604 CLI Reference Guide
aaa authentication
Multiple methods for the login/enable authentication per application can be
specified. The new setting will overwrite the old association.
Use no aaa authentication to disable authentication for system access or to
disable the login list of applications used for system access.
To configure AAA authentication, first define a group of authentication servers
(use the aaa group server command). If a specified group server cannot be found,
an error message is displayed. The group server defines the type of
authentication to be performed and the sequence in which they will be
performed.
A method list describes authentication methods used in the sequential order
listed. The method defines a security protocol, if any is used, for user
authentication. More than one method can be defined to provide a backup
authentication procedure. If the first method cannot be used or there is no
response, the next method listed is used and so on for up to 2 defined methods.
The process continues until either the user is authenticated successfully, or all
methods listed are exhausted.
Note that if, at any point, access is denied by an authentication method
employed, the authentication process is stopped, no more methods are eligible
and no other attempts to authenticate are made.
The local method for authentication uses locally configured login and enable
passwords to authenticate login attempts. The login and enable passwords are
local to each switch and are not mapped to the individual user names. The local
method is used by default for authentication if no method is listed. If a different
authentication method is listed for login or enable, the switch will not attempt
local authentication.
In order to use AAA authentication, at least one local user account for login must
first be created and the enable password set up.
Example
The following example sets a login method list for authenticating login attempts
from all of the applications (including console, telnet, ssh, http). The methods
start from group2.
Verify the settings by entering the show aaa command.
Switch(config)# aaa authentication login group group2 local
Switch(config)#
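
The fall-through rules described above (the next method is tried only when the previous one cannot be used or does not respond, a denial ends the attempt, and local is used when no method is listed) are modelled below as an added Python example; it is not code from the D-Link guide. The Result enum, the function names and the sample credentials are constructed for illustration.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"            # method answered: credentials valid
    REJECT = "reject"            # method answered: access denied
    NO_RESPONSE = "no_response"  # method unusable or server silent

MAX_METHODS = 2  # the guide allows up to 2 defined methods per list

def local_method(local_password):
    # The local login password is per switch and not mapped to a user name.
    def check(username, password):
        return Result.ACCEPT if password == local_password else Result.REJECT
    return check

def server_group(accounts, reachable=True):
    # Hypothetical stand-in for a group defined with "aaa group server".
    def check(username, password):
        if not reachable:
            return Result.NO_RESPONSE
        ok = accounts.get(username) == password
        return Result.ACCEPT if ok else Result.REJECT
    return check

def authenticate(method_list, username, password, default):
    """Walk the method list in order; return (granted, trace)."""
    if len(method_list) > MAX_METHODS:
        raise ValueError("method list holds at most 2 methods")
    methods = method_list or [("local", default)]  # local if none listed
    trace = []
    for name, check in methods:
        result = check(username, password)
        trace.append((name, result))
        if result is Result.ACCEPT:
            return True, trace
        if result is Result.REJECT:
            return False, trace  # a denial is final; no later method is tried
    return False, trace  # all methods exhausted without an answer

if __name__ == "__main__":
    # Constructed sample data mirroring "login group group2 local".
    local = local_method("local-pw")
    for reachable in (True, False):
        group2 = server_group({"alice": "radius-pw"}, reachable)
        methods = [("group2", group2), ("local", local)]
        print(reachable, authenticate(methods, "alice", "local-pw", local))
```

With group2 reachable, the local password is rejected by the server and never reaches the local method; with group2 silent, the same password is accepted, so loss of the server group is worth alerting on.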