Configuring the Switch for Local Authentication and Authorization
Monitoring and Troubleshooting CoA Functionality
Use these Cisco IOS commands to monitor and troubleshoot CoA functionality on the switch:
•
•
•
•
•
•
Configuring RADIUS Server Load Balancing
This feature allows access and authentication requests to be evenly across all RADIUS servers in a server
group. For more information, see the "RADIUS Server Load Balancing" chapter of the "Cisco IOS
Security Configuration Guide", Release 12.2:
http://www.ciscosystems.com/en/US/docs/ios/12_2sb/feature/guide/sbrdldbl.html
Displaying the RADIUS Configuration
To display the RADIUS configuration, use the show running-config privileged EXEC command.
Configuring the Switch for Local Authentication and
Authorization
You can configure AAA to operate without a server by setting the switch to implement AAA in local
mode. The switch then handles authentication and authorization. No accounting is available in this
configuration.
Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA:
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication login default
local
Step 4
aaa authorization exec local
Step 5
aaa authorization network local
Catalyst 2975 Switch Software Configuration Guide
9-40
debug radius
debug aaa coa
debug aaa pod
debug aaa subsys
debug cmdhd [detail | error | events]
show aaa attributes protocol radius
Purpose
Enter global configuration mode.
Enable AAA.
Set the login authentication to use the local username database. The default
keyword applies the local user database authentication to all ports.
Configure user AAA authorization, check the local database, and allow the
user to run an EXEC shell.
Configure user AAA authorization for all network-related service requests.
Chapter 9
Configuring Switch-Based Authentication
OL-19720-02