Dell N4000 Switch User Manual


Configuring Authentication, Authorization, and Accounting 209
Methods that never return an error cannot be followed by any other methods
in a method list.
• The enable method uses the enable password. If there is no enable
password defined, then the enable method will return an error.
• The ias method is a special method that is only used for 802.1X. It uses an
internal database (separate from the local user database) that acts like an
802.1X authentication server. This method never returns an error. It will
always pass or deny a user.
• The line method uses the password for the access line on which the user is
accessing the switch. If there is no line password defined for the access
line, then the line method will return an error.
• The local method uses the local user database. If the user password does
not match, then access is denied. This method returns an error if the user
name is not present in the local user database.
• The none method does not perform any service, but instead always returns
a result as if the service had succeeded. This method never returns an error.
If none is configured as a method, the user will always be authenticated
and allowed to access the switch.
• The radius and tacacs methods communicate with servers running the
RADIUS and TACACS+ protocols, respectively. These methods can
return an error if the switch is unable to contact the server.
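The following Python model is an added example, not Dell code or switch configuration. It reproduces the pass, deny and error behaviour of each method listed above so a method list can be audited before it is deployed. It assumes that the switch moves to the next method only when the current one returns an error and that a list whose methods all return an error denies access; the `state` dictionary and the function names are hypothetical.

```python
PASS, DENY, ERROR = "pass", "deny", "error"
NEVER_ERROR = {"ias", "none"}  # per the manual text: these never return an error

def check_secret(stored, supplied):
    """ERROR when nothing is configured, otherwise PASS or DENY."""
    if stored is None:
        return ERROR
    return PASS if stored == supplied else DENY

def lookup(db, user, password):
    """PASS only when the user exists in db with this password."""
    return PASS if user in db and db[user] == password else DENY

def run_method(method, state, user, password):
    """Result of one method; `state` is a constructed stand-in for switch config."""
    if method == "none":
        return PASS
    if method in ("enable", "line"):
        return check_secret(state.get(method + "_password"), password)
    if method == "local":  # ERROR only when the user name is absent
        return check_secret(state.get("local_users", {}).get(user), password)
    if method == "ias":  # internal 802.1X database: pass or deny, never ERROR
        return lookup(state.get("ias_users", {}), user, password)
    if method in ("radius", "tacacs"):  # a missing key models an unreachable server
        server = state.get(method)
        return ERROR if server is None else lookup(server, user, password)
    raise ValueError(f"unknown method: {method}")

def evaluate(methods, state, user, password):
    """Assumption: only ERROR moves on to the next method; all-ERROR denies."""
    for method in methods:
        result = run_method(method, state, user, password)
        if result != ERROR:
            return method, result
    return None, DENY

def audit(methods):
    """Flag unreachable entries and the always-authenticate `none` method."""
    findings = []
    for i, method in enumerate(methods):
        if method in NEVER_ERROR and i < len(methods) - 1:
            findings.append(f"{method}: later methods {methods[i + 1:]} never run")
        if method == "none":
            findings.append("none: authenticates every user who reaches it")
    return findings
```

Under these assumptions, a list of radius followed by none authenticates any user whenever the RADIUS server cannot be contacted, while a list of local followed by radius denies a known local user with a wrong password without consulting RADIUS.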
Access Lines
There are five access lines: console, Telnet, SSH, HTTP, and HTTPS. HTTP
and HTTPS are not configured using AAA method lists. Instead, the
authentication list for HTTP and HTTPS is configured directly
(authorization and accounting are not supported). The default method lists
for both the HTTP and HTTPS access lines consist of only the local method.
Each of the other access lines may be assigned method lists independently for
the AAA services.
The SSH line has built-in authentication beyond that configured by the
administrator.
In the SSH protocol itself, there are multiple methods for authentication.
These are not the authentication methods configured in AAA, but are
internal to SSH itself. When an SSH connection is attempted, the challenge-
response method is specified in the connection request.