Filter
Top Products
CLI (Command Line Interface)
199
NXA-ENET24 - Software Management Guide
Authentication Commands
You can configure this switch to authenticate users logging into the system for management access using local
or RADIUS authentication methods. You can also enable port-based authentication for network client access
using IEEE 802.1x.
Authentication Commands
Command Function
authentication login
This command defines the
login authentication method
and precedence.
Use the no form to restore
the default.
Syntax:
authentication login {[local] [radius] [tacacs]}
no authentication login
• local - Use local password.
• radius - Use RADIUS server password.
• tacacs - Use TACACS server password.
Default Setting: Local
Command Mode: Global Configuration
Command Usage: RADIUS uses UDP while TACACS+ uses TCP. UDP only
offers best effort delivery, while TCP offers a connection-oriented transport.
Also, note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while TACACS+ encrypts the entire body of
the packet.
RADIUS and TACACS+ logon authentication assigns a specific privilege level
for each user name and password pair. The user name, password, and
privilege level must be configured on the authentication server.
You can specify three authentication methods in a single command to indicate
the authentication sequence. For example, if you enter “authentication login
radius tacacs local,” the user name and password on the RADIUS server is
verified first. If the RADIUS server is not available, then authentication is
attempted on the TACACS+ server. If the TACACS+ server is not available, the
local user name and password is checked.
Example:
Console(config)#authentication login radius
Console(config)#
authentication enable
This command defines the
authentication method and
precedence to use when
changing from Exec
command mode to Privileged
Exec command mode with
the enable command (see
page 169).
Use the no form to restore
the default.
Syntax:
authentication enable {[local] [radius] [tacacs]}
no authentication enable
• local - Use local password only.
• radius - Use RADIUS server password only.
• tacacs - Use TACACS server password.
Default Setting: Local
Command Mode: Global Configuration
Command Usage: RADIUS uses UDP while TACACS+ uses TCP. UDP only
offers best effort delivery, while TCP offers a connection-oriented transport.
Also, note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while TACACS+ encrypts the entire body of
the packet.
RADIUS and TACACS+ logon authentication assigns a specific privilege level
for each user name and password pair. The user name, password, and
privilege level must be configured on the authentication server.
You can specify three authentication methods in a single command to indicate
the authentication sequence. For example, if you enter “authentication enable
radius tacacs local,” the user name and password on the RADIUS server is
verified first. If the RADIUS server is not available, then authentication is
attempted on the TACACS+ server. If the TACACS+ server is not available, the
local user name and password is checked.
Example:
Console(config)#authentication enable radius
Console(config)#