5-16
RADIUS Authentication and Accounting
Local Authentication Process
Local Authentication Process
When the switch is configured to use RADIUS, it reverts to local authentication
only if one of these two conditions exists:
■ “Local” is the authentication option for the access method being used.
■ The switch has been configured to query one or more RADIUS servers
for a primary authentication request, but has not received a response,
and local is the configured secondary option.
For local authentication, the switch uses the Operator-level and Manager-level
username/password set(s) previously configured locally on the switch. (These
are the usernames and passwords you can configure using the CLI password
command, the web browser interface, or the menu interface—which enables
only local password configuration).
■ If the operator at the requesting terminal correctly enters the user-
name/password pair for either access level (Operator or Manager),
access is granted on the basis of which username/password pair was
used. For example, suppose you configure Telnet primary access for
RADIUS and Telnet secondary access for local. If a RADIUS access
attempt fails, then you can still get access to either the Operator or
Manager level of the switch by entering the correct username/pass-
word pair for the level you want to enter.
■ If the username/password pair entered at the requesting terminal does
not match either local username/password pair previously configured
in the switch, access is denied. In this case, the terminal is again
prompted to enter a username/password pair. In the default configu-
ration, the switch allows up to three attempts. If the requesting
terminal exhausts the attempt limit without a successful authentica-
tion, the login session is terminated and the operator at the requesting
terminal must initiate a new session before trying again.