134 MES3000 Ethernet switch series
aaa authentication enable
{default | list_name}
method_list
By default, the
password check is
performed (aaa
authentication enable
default enable);
list_name: (1..12)
characters
Define authentication method for privilege level escalation on log
in.
- default—use the following authentication methods
- list_name—name of authentication method being activated
when the user logs in.
Method description (method_list):
- enable—use password for authentication
- line—use terminal password for authentication
- none—do not use authentication
- radius—use RADIUS server list for authentication
- tacacs—use TACACS server list for authentication
If the console password is not defined, the access to the
console will always be successful (aaa authentication
enable default enable none).
List is created with the command:
aaa authentication enable list_name method_list List
utilization: aaa authentication enable list_name
All requests send to Radius and TACACS servers include
'$enabx$' username, where x is the privilege level.
no aaa authentication enable
{default | list_name}
Restore the default value.
enable password [level level]
password [encrypted]
level: (1..15);
password: (1..159)
characters
Set the password to control user access privilege changes.
- level—privilege level
- password—password
- encrypted—define the encrypted password (e.g. encrypted
password copied from another device)
no enable password [level
level]
Remove the record for the respective privilege level.
username name
{nopassword | password
password | password
encrypted
encrypted_password}
[priveliged level]
level: (1..15);
password: (1..159)
characters;
name: (1..20)
characters
Add the user to the local database.
- level—privilege level
- password—password
- name—username
- encrypted_password—encrypted password (e.g. encrypted
password copied from another device)
Remove the user from the local database.
aaa accounting login start-stop
group radius
Accounting is disabled
by default.
Enable accounting for control sessions.
Accounting is enabled only for users logged in with their
username and password; for users logged in with
terminal password, accounting is disabled.
Accounting will be enabled when the user logs in and
will be disabled when the user logs out; that corresponds
to start and stop values in RADIUS protocol messages (for
RADIUS protocol message parameters, see Table 5.144).
no aaa accounting login
startstop group radius
Restore the default value.
aaa accounting dot1x
startstop group radius
Accounting is disabled
by default.
Enable accounting for IEEE 802.1x sessions.
Accounting will be enabled when the user logs in and
will be disabled when the user logs out; that corresponds
to start and stop values in RADIUS protocol messages
(for RADIUS protocol message parameters, see Table 5.145).
In multiple sessions mode, start/stop messages are sent
for all users; in multiple hosts mode—only for
authenticated users (see 802.1x Section).
no aaa accounting dot1x
startstop group radius
Restore the default value.
ip http authentication aaa
login-authentication
method_list
method_list:
local, none, tacacs,
radius/local
Define the authentication method for HTTP server access. When
the method list is set, the additional method will be applied only
when the main authentication method will return the error.
- method_list—authentication method
- local—by local database name
- none—not used
- tacacs—use all TACACS+ server lists
- radius—use all RADIUS server lists
To Next Page
Loading...
