Support User Manuals

Cisco Systems ME 3400 Switch User Manual

Open as PDF

of 1086

7-36

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Chapter 7 Configuring Switch-Based Authentication

Configuring the Switch for Local Authentication and Authorization

To set up a Kerberos-authenticated server-client system, follow these steps:

• Configure the KDC by using Kerberos commands.

• Configure the switch to use the Kerberos protocol.

For instructions, see the “Kerberos Configuration Task List” section in the “Security Server Protocols”

chapter of the Cisco IOS Security Configuration Guide, Release

12.2, at this URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter0918

6a00800ca7ad.html

Configuring the Switch for Local Authentication and

Authorization

You can configure AAA to operate without a server by setting the switch to implement AAA in local

mode. The switch then handles authentication and authorization. No accounting is available in this

configuration.

Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA:

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

aaa new-model Enable AAA.

Step 3

aaa authentication login default local Set the login authentication to use the local username database. The

default keyword applies the local user database authentication to all

ports.

Step 4

aaa authorization exec local Configure user AAA authorization, check the local database, and allow

the user to run an EXEC shell.

Step 5

aaa authorization network local Configure user AAA authorization for all network-related service

requests.

Step 6

username name [privilege level]

{password encryption-type password}

Enter the local database, and establish a username-based authentication

system.

Repeat this command for each user.

• For name, specify the user ID as one word. Spaces and quotation

marks are not allowed.

• (Optional) For level, specify the privilege level the user has after

gaining access. The range is 0 to 15. Level 15 gives privileged EXEC

mode access. Level 0 gives user EXEC mode access.

• For encryption-type, enter 0 to specify that an unencrypted password

follows. Enter 7 to specify that a hidden password follows.

• For password, specify the password the user must enter to gain access

to the switch. The password must be from 1 to 25 characters, can

contain embedded spaces, and must be the last option specified in the

username command.

Step 7

end Return to privileged EXEC mode.

previous next