Table of Contents
Advertisement
Chapter 39
Configuring the Switch Access Using AAA
If you are locked out at the console, the console does not allow you to log in during that lockout time. If
you are locked out with a Telnet session, the connection closes when the time limit is reached. The switch
closes any subsequent access from that station during the lockout time and provides an appropriate
notice.
Understanding How Local Authentication Works
Local authentication uses locally configured login and enable passwords to authenticate login attempts.
The login and enable passwords are local to each switch and are not mapped to the individual usernames.
By default, local authentication is enabled. You can disable local authentication only after enabling one
or more of the other authentication methods. However, when local authentication is disabled, if you
disable all other authentication methods, local authentication is reenabled automatically.
You can enable local authentication and one or more of the other authentication methods at the same
time. The switch attempts local authentication only if the other authentication methods fail.
Understanding How Local User Authentication Works
Local user authentication uses local user accounts and passwords that you create to validate the login
attempts of local users. Each switch can have a maximum of 25 local user accounts. Before you can
enable local user authentication, you must define at least one local user account.
You set up local user accounts by creating a unique username and password combination for each local
user. Each username must be fewer than 65 characters and can be any alphanumeric character (at least
one character must be alphabetic).
You configure each local user account with a privilege level; the valid privilege levels are 0 or 15. The
privilege level assigned to a username and password combination designates whether a user will be
logged in to normal or privileged mode after successful authentication. A user with a privilege level of 0
is automatically logged in to normal mode, and a user with a privilege level of 15 is logged in to
privileged mode. A user with a privilege level of 0 can still access privileged mode by entering the enable
command and password combination. Once a local user is logged in, only the commands that are
available for that privilege level can be displayed.
If you are running a CiscoView image or are logging in using an HTTP login, the system completes
Note
its initial authentication using the username and password combination. You can enter privileged
mode by either providing the privilege password or using the username and password combination if
the local user has a privilege level of 15.
OL-8978-04
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Understanding How Authentication Works
39-3
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
