178 Configuring Authentication, Authorization, and Accounting
•
Login
— Login authentication grants access to the switch if the user
credentials are validated. Access is granted only at privilege level one.
•
Enable
—Enable authentication grants access to a higher privilege level if
the user credentials are validated for the higher privilege level. When
RADIUS is used for enable authentication, the username for this request is
always $enab15$. The username used to log into the switch is not used for
RADIUS enable authentication.
•
dot1x
—Dot1x authentication is used to grant an 802.1X supplicant access
to the network. For more information about 802.1X, see
"Configuring Port
and System Security" on page 481.
Table 9-2 shows the valid methods for each type of authentication:
Authorization
Authorization is used to determine which services the user is allowed to
access. For example, the authorization process may assign a user’s privilege
level, which determines the set of commands the user can execute. There are
three kinds of authorization: commands, exec, and network.
•
Commands
: Command authorization determines which CLI commands
the user is authorized to execute.
•
Exec
: Exec authorization determines what the user is authorized to do on
the switch; that is, the user’s privilege level and an administrative profile.
Table 9-2. Valid Methods for Authentication Types
Method Login Enable dot1x
enable yes yes no
ias no no yes
line yes yes no
local yes no no
none yes yes yes
radius yes yes yes
tacacs yes yes no
To Next Page
Loading...
