180 Cisco LAN Switching Configuration Handbook
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan filter watchlist vlan-list 101
Switch(config)# end
Switch(config)# copy running-config startup-config
11-5: Switch Authentication
■ Switch authentication enables you to control how people access the switch.
■ By default switch authentication is controlled locally by the user password and the
enable password.
■ You can configure the switch to use an authentication server, such as a RADIUS or
TACACS+ server, for authentication.
■ After you configure RADIUS or TACACS+, it is important to have local authentica-
tion enabled to log in to the switch if the authentication server is down.
■ Configuration for authentication is sometimes required for options such as Secure
Shell (SSH) Telnet and 802.1X port authorization.
Configuration
Switch authentication specifies how users are verified before being allowed to access the
user or privileged mode command-line interface prompts. Authentication can be config-
ured by local passwords on the switch, or it can be configured so users are authorized by
a TACACS or RADIUS server. Use the following commands to control authentication of
users on the switch.
1. Configure local authentication.
Default authorization is handled by passwords on the switch. The commands listed
in this section show how to enable or disable this default authentication. Local
authentication should not be disabled even if you use a server for authentication
because it provides a “back door,” or a secondary option, for authentication if the
server fails. A switch has two levels of authentication: user level and privileged level.
These commands show how to control authentication for each level.
a. Enable AAA Globally
(global) aaa new-model
(global) aaa authentication login {default | list-name} method1
[method2...]
Use this command to enable or disable user-level local authentication for the
console, telnet, http, or all services on a switch.
To Next Page
Loading...
Need help?
General
