MES53xx, MES33xx, MES23xx Ethernet Switch Series 120
Table 5.114. Global configuration mode commands
aaa authentication enable
authorization {default |
list_name} method_list
list_name: (1..12)
characters;
method_list: (enable, line,
local, none, tacacs, radius).
-/By default the check is
conducted against the local
database (aaa
authentication enable
authorization default local)
Specify authentication method for logging in.
- default - use the following authentication methods.
- list_name - the name of authentication method list that is
activated when the user logs in.
Method description (method_list):
- enable - use a password for authentication.
- line - use a terminal password for authentication.
- local - use a local username database for authentication.
- none - do not use authentication.
- radius - use a RADIUS server list for authentication.
- tacacs - use a TACACS server list for authentication.
If authentication method is not defined, the
access to the console will always be open.
The list is created with by following command:
aaa authentication login list_name method_list.
List usage:
aaa authentication login list-name
To prevent the loss of access, you should always
define the required minimum of settings for the
specified authentication method.
no aaa authentication
enable authorization
{default | list_name}
enable password password
[encrypted] [level level]
level: (1..15)/1;
password: (0..159)
characters
Set the password to control user access privilege.
- level - privilege level;
- password - password;
- encrypted - encrypted password (for example, an encrypted
password copied from another device).
no enable password [level
level]
Remove the entry for the corresponding privilege level.
username name
{nopassword | password
password | password
encrypted
encrypted_password}
[priveliged level]
name: (1..20) characters
password: (1..64)
characters
encrypted_password:
(1..64) characters
level: (1..15)
Add a user to the local database.
- level - privilege level;
- password - password;
- name - username;
- encrypted_password - encrypted password (for example, an
encrypted password copied from another device).
Remove a user from the local database.
aaa accounting login
tacacs+}
-/Accounting is disabled by
default.
Enable accounting for control sessions.
Accounting is enabled only for the users logged in
with their username and password; for the users
logged in with a terminal password, accounting is
disabled.
Accounting will be enabled when the user logs in,
and will be disabled when the user logs out,
corresponding to the start and stop values in RADIUS
messages (for RADIUS protocol message parameters, see
Table 5.119).
no aaa accounting login
start-stop
Disable accounting for CLI commands.
aaa accounting dot1x
-/Accounting is disabled by
default.
Enable accounting for 802.1x sessions.
Accounting will be enabled when the user logs in, and
will be disabled when the user logs out, corresponding to the
start and stop values in RADIUS messages (for RADIUS
protocol message parameters, see Table 5.119).
In the multiple sessions mode, start/stop messages
are sent for all users; in the multiple hosts mode
only for authenticated users (see 802.1x Section).
no aaa accounting dot1x
start-stop group radius
To Next Page
Loading...
Need help?
General
