Filter
Top Products
AAA Commands 217
4
AAA Commands
Management access to the switch is via telnet, HTTP, SSH, or the serial
console (SNMP access is discussed in SNMP Commands). To ensure that
only authorized users can access and change the configuration of the switch,
users must be authenticated.
Users can be authenticated based on:
•Login mode
• Switch access method
• Access to Privileged EXEC mode
• Two levels of access:
–1 = Read-only
–15 = Write-only
The supported authentication methods for management access are:
• Local: The user's locally stored ID and password are used for
authentication.
• RADIUS: The user's ID and password are authenticated using the
RADIUS server.
• TACACS+: The user's ID and password are authenticated using the
TACACS+ server.
• None: No authentication is used.
• Enable: Uses the enable password for authentication.
• Line: Uses the line password for authentication.
• Authentication Preference Lists (APLs): An Authentication Preference List
is an ordered list of authentication methods.
To authenticate a user, the authentication methods in the APL for the access
line are attempted in order until an authentication attempt returns a success
or failure return code. If a method times out, the next method in the list is
attempted. The component requesting authentication is unaware of the
ultimate authentication source. If a method in the preference list does not
2CSPC4.XModular-SWUM200.book Page 217 Thursday, March 10, 2011 11:18 AM