Users Guide

Authentication, Authorization, and Accounting
Authentication Examples
It is important to understand that during authentication, all that happens is
that the device is validated. If any attributes are returned from the RADIUS
server, they are not processed during the authentication phase. The attributes
are processed after authentication if the device is authorized on the port. In
the examples below, it is assumed that the default configuration of
authorization—that is, no authorization—is used.
Local Authentication Example
Use the following configuration to require local authentication when logging
in over a Telnet connection:
1. Create a login authentication list called “loc” that contains the method
local:
console#config
console(config)#aaa authentication login "loc" local
2. Enter the configuration mode for the Telnet line:
console(config)#line telnet
3. Assign the loc login authentication list to be used for users accessing the
switch via Telnet:
console(config-telnet)#login authentication loc
console(config-telnet)#exit
4. Allow Telnet and SSH users access to Privileged Exec mode. An enable
password must be configured so that local access users can elevate to the
Privileged Exec level:
console(config)#enable password PaSSW0rd
5. Create a user with the name “guest” and password “password”. A simple
password can be configured here, since strength-checking has not yet been
enabled:
console(config)#username guest password password
6. Set the minimum number of numeric characters required when password
strength checking is enabled. This parameter takes effect only if the
passwords strength minimum character-classes parameter is set to
something greater than its default value of 0:
console(config)#passwords strength minimum numeric-characters 2
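The following Python sketch is an added example, not part of this guide or of the switch software. It parses the commands from steps 1 to 6 as typed, checks that the list name bound to the Telnet line resolves to a defined authentication list, and reports which configured passwords would fall short of the numeric-characters minimum once the character-classes minimum is above 0. It assumes digits are counted in the plaintext and that user and enable passwords are treated alike; the function and key names are illustrative.

```python
import re

# Constructed sample: the commands from the steps above, as typed at the prompt.
SESSION = '''\
console(config)#aaa authentication login "loc" local
console(config)#line telnet
console(config-telnet)#login authentication loc
console(config-telnet)#exit
console(config)#enable password PaSSW0rd
console(config)#username guest password password
console(config)#passwords strength minimum numeric-characters 2
'''

def parse(session):
    """Collect auth lists, per-line list bindings, passwords and strength minimums."""
    cfg = {"lists": {}, "lines": {}, "secrets": {}, "minimum": {}}
    line_ctx = None
    for raw in session.splitlines():
        cmd = raw.split("#", 1)[-1].strip()  # drop the prompt up to the first '#'
        if m := re.fullmatch(r'aaa authentication login "?([^"\s]+)"? (.+)', cmd):
            cfg["lists"][m[1]] = m[2].split()
        elif m := re.fullmatch(r"line (\S+)", cmd):
            line_ctx = m[1]
        elif m := re.fullmatch(r"login authentication (\S+)", cmd):
            cfg["lines"][line_ctx] = m[1]
        elif cmd == "exit":
            line_ctx = None
        elif m := re.fullmatch(r"enable password (\S+)", cmd):
            cfg["secrets"]["enable"] = m[1]
        elif m := re.fullmatch(r"username (\S+) password (\S+)", cmd):
            cfg["secrets"]["user:" + m[1]] = m[2]
        elif m := re.fullmatch(r"passwords strength minimum (\S+) (\d+)", cmd):
            cfg["minimum"][m[1]] = int(m[2])
    return cfg

def audit(cfg):
    """Return findings: unresolved list bindings and passwords short on digits."""
    findings = []
    for line, name in cfg["lines"].items():
        if name not in cfg["lists"]:
            findings.append(f"line {line}: list {name} is not defined")
    # Per the guide, the numeric minimum applies only when character-classes > 0.
    if cfg["minimum"].get("character-classes", 0) > 0:
        need = cfg["minimum"].get("numeric-characters", 0)
        for who, pw in cfg["secrets"].items():
            if sum(c.isdigit() for c in pw) < need:
                findings.append(f"{who}: fewer than {need} numeric characters")
    return findings
```

With the values from the steps above, audit() reports nothing while character-classes is at its default of 0; raising it above 0 flags both the enable password (one digit) and the guest password (no digits).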