Configuring Authentication
Configuring Login Authentication
These sections describe how to configure login authentication on the switch:
•
•
Setting Authentication Login Attempts on the Switch
To set up login authentication on the switch, perform this task in privileged mode:
Task
Step 1
Enable login attempt limits on the switch. Enter
the console or telnet keyword if you want to
enable local authentication only for the console
port or for Telnet connection attempts.
Step 2
Enable the login lockout time on the switch. Enter
the console or telnet keyword if you want to
enable local authentication only for the console
port or for Telnet connection attempts.
Step 3
Verify the local authentication configuration.
This example shows how to limit login attempts to five, set the lockout time for both console and Telnet
connections to 50 seconds, and verify the configuration:
Console> (enable) set authentication login attempt 5
Login authentication attempts for console and telnet logins set to 5.
Console> (enable) set authentication login lockout 50
Login lockout time for console and telnet logins set to 50.
Console> (enable) show authentication
Login Authentication:
---------------------
tacacs
radius
kerberos
local
attempt limit
lockout timeout (sec)
Enable Authentication: Console Session
---------------------- ----------------- ----------------
tacacs
radius
kerberos
local
attempt limit
lockout timeout (sec)
Console> (enable)
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
21-12
Setting Authentication Login Attempts on the Switch, page 21-12
Setting Authentication Login Attempts for the Privileged Mode, page 21-13
Console Session
----------------
disabled
disabled
disabled
enabled(primary)
5
50
disabled
disabled
disabled
enabled(primary)
3
disabled
Chapter 21
Configuring Switch Access Using AAA
Command
set authentication login attempt {count}
[console | telnet]
set authentication login lockout {time} [console
| telnet]
show authentication
Telnet Session
Http Session
----------------
----------------
disabled
disabled
disabled
disabled
disabled
disabled
enabled(primary)
enabled(primary)
5
-
50
-
Telnet Session
Http Session
----------------
disabled
disabled
disabled
disabled
disabled
disabled
enabled(primary)
enabled(primary)
3
-
disabled
-
78-13315-02