Cisco WS-C2960S-24PD-L Software Guide - Page 197
Configuring the Switch for Local Authentication and Authorization
View all Cisco WS-C2960S-24PD-L manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 197 highlights
Chapter 6 Configuring the System Controlling Switch Access with RADIUS Configuring the Switch for Local Authentication and Authorization You can configure AAA to operate without a server by setting the switch to implement AAA in local mode. The switch then handles authentication and authorization. No accounting is available in this configuration. Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Command Purpose configure terminal Enter global configuration mode. aaa new-model Enable AAA. aaa authentication login default local Set the login authentication to use the local username database. The default keyword applies the local user database authentication to all interfaces. aaa authorization exec default local Configure user AAA authorization to determine if the user is allowed to run an EXEC shell by checking the local database. aaa authorization network default local Configure user AAA authorization for all network-related service requests. username name [privilege level] Enter the local database, and establish a username-based authentication {password encryption-type password} system. Repeat this command for each user. • For name, specify the user ID as one word. Spaces and quotation marks are not allowed. • (Optional) For level, specify the privilege level the user has after gaining access. The range is 0 to 15. Level 15 gives privileged EXEC mode access. Level 0 gives user EXEC mode access. • For encryption-type, enter 0 to specify that an unencrypted password follows. Enter 7 to specify that a hidden password follows. • For password, specify the password the user must enter to gain access to the switch. The password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To disable AAA, use the no aaa new-model global configuration command. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command. 78-6511-08 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 6-69