U
SER
A
UTHENTICATION
3-45
Command Usage
• By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the authentication
sequence and the corresponding parameters for the remote
authentication protocol. Local and remote logon authentication
control management access via the console port, web browser, or
Telnet.
• RADIUS and TACACS+ logon authentication assign a specific
privilege level for each user name/password pair. The user name,
password, and privilege level must be configured on the authentication
server.
• You can specify up to three authentication methods for any user to
indicate the authentication sequence. For example, if you select (1)
RADIUS, (2) TACACS and (3) Local, the user name and password on
the RADIUS server is verified first. If the RADIUS server is not
available, then authentication is attempted using the TACACS+ server,
and finally the local user name and password is checked.
Command Attributes
• Authentication – Select the authentication, or authentication
sequence required:
- Local – User authentication is performed only locally by the
switch.
- Radius – User authentication is performed using a RADIUS server
only.
- TACACS – User authentication is performed using a TACACS+
server only.
- [authentication sequence] – User authentication is performed by up
to three authentication methods in the indicated sequence.