130 MES1000, MES2000 Ethernet Switches
the console will always be successful (aaa
authentication enable default enable none).
List is created with the command:
aaa authentication enable list_name method1
[method2...]. List utilization: aaa authentication
enable list_name
All requests send to Radius and TACACS servers
include '$enabx$' username, where x is the privilege
level.
no aaa authentication
enable
{default | list_name}
Restore the default value.
enable password
[level level] password
[encrypted]
level: [1..15]
password: [1..159]
characters
Set the password to control user access privilege changes.
- level—privilege level
- password—password
- encrypted—define the encrypted password (e.g. encrypted
password copied from another device)
no enable password
[level level]
Remove the record for the respective privilege level.
username name {
nopassword |
password password |
password encrypted
encrypted_password }
[priveliged level]
level: [1..15]
password:
[1..159] characters
name: 1..20 characters
Add the user to the local database.
- level—privilege level
- password—password
- name—username
- encrypted_password—encrypted password (e.g. encrypted
password copied from another device)
Remove the user from the local database.
aaa accounting login start-
stop group radius
Accounting is disabled by
default.
Enable accounting for control sessions.
Accounting is enabled only users logged in with their
username and password; for users logged in with
terminal password, accounting is disabled.
Accounting will be enabled when the user logs in,
and will be disabled when the user logs out, that
corresponds to start and stop values in RADIUS protocol
messages (for RADIUS protocol message parameters, see
Table 5.136).
no aaa accounting login
start-stop group radius
Restore the default value.
aaa accounting dot1x start-
stop group radius
Accounting is disabled by
default.
Enable accounting for 802.1x sessions.
Accounting will be enabled when the user logs in, and will be
disabled when the user logs out, that corresponds to start
and stop values in RADIUS protocol messages (for RADIUS
protocol message parameters, see Table 5.137).
In multiple sessions mode, start/stop messages are
sent for all users; in multiple hosts mode—only for
authenticated users (see 802.1x Section).
no aaa accounting dot1x
start-stop group radius
Restore the default value.
ip http authentication aaa
login-authentication
method1 [method2...]
Method:
local, none, tacacs,
radius/local
Define the authentication method for HTTP server access.
When the method list is set, the additional method will be
applied only when the main authentication method will return
the error.
- local—by local database name
- none—not used
- tacacs—use all TACACS+ server lists
- radius—use all RADIUS server lists
no ip http authentication
aaa login-authentication
Restore the default value.
ip ftp authentication aaa
login-authentication
method1 [method2...]
Method:
local, none, tacacs,
radius/local
Define the authentication method for FTP server access. When
the method list is set, the additional method will be applied
only when the main authentication method will return the
error.
- local—by local database name
To Next Page
Loading...
Need help?
General
