39-11
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 39 Configuring the Switch Access Using AAA
Configuring Authentication on the Switch
Authentication Configuration Guidelines
This section describes the guidelines for configuring authentication on the switch:
• Authentication configuration applies to both console and Telnet connection attempts unless you use
the console and telnet keywords to specify the authentication methods to use for each connection
type individually.
• If you configure a RADIUS or TACACS+ key on the switch, make sure that you configure an
identical key on the RADIUS or TACACS+ server.
• You must specify a RADIUS or TACACS+ server before enabling RADIUS or TACACS+ on the
switch.
• If you configure multiple RADIUS or TACACS+ servers, the first server that is configured is the
primary server and authentication requests are sent to this server first. You can specify a server as
primary by using the primary keyword.
• RADIUS and TACACS+ support one privileged mode only (level 1).
• Kerberos authentication does not work if TACACS+ is also used as an authentication mechanism.
• Before you can enable local user authentication, you must define at least one username.
• Local user accounts and passwords must be fewer than 65 characters and can consist of any
alphanumeric characters. Local user accounts must contain at least one alphabetic character.
Configuring Login Authentication
These sections describe how to configure login authentication on the switch:
• Setting Authentication Login Attempts on the Switch, page 39-11
• Setting Authentication Login Attempts for the Privileged Mode, page 39-12
Setting Authentication Login Attempts on the Switch
To set up login authentication on the switch, perform this task in privileged mode:
Task Command
Step 1
Enable login attempt limits on the switch. Enter
the console or telnet keyword if you want to
enable local authentication only for the console
port or for Telnet connection attempts.
set authentication login attempt {count}
[console | telnet]
Step 2
Enable the login lockout time on the switch. Enter
the console or telnet keyword if you want to
enable local authentication only for the console
port or for Telnet connection attempts.
set authentication login lockout {time} [console
| telnet]
Step 3
Verify the local authentication configuration. show authentication
To Next Page
Loading...
Need help?
General