CLI Guide

Security Commands
To authenticate a switch administrator, the authentication methods in the
APL for the access line are attempted in order until an authentication
attempt returns a success or failure return code. If a method times out, the
next method in the list is attempted. The component requesting
authentication is unaware of the ultimate authentication source. If a method
in the preference list does not support the concept of time-out, subsequent
entries in the list are never attempted. For example, the local authentication
method implementation does not supply a time-out value. If a list contains
the local method, followed by the RADIUS authentication method, the
RADIUS method is not attempted.
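The ordering rule above, modeled as an added example (not code from the switch or the vendor). The method names, sample credentials, and the deny-when-every-method-times-out behavior are assumptions made for illustration.

```python
from enum import Enum

class Result(Enum):
    SUCCESS = "success"
    FAILURE = "failure"
    TIMEOUT = "timeout"

# Constructed sample data: a local user database and a RADIUS user database.
LOCAL_USERS = {"admin": "local-pass"}
RADIUS_USERS = {"netops": "radius-pass"}

def local_method(user, password):
    # The local method has no time-out: it always answers success or failure.
    ok = LOCAL_USERS.get(user) == password
    return Result.SUCCESS if ok else Result.FAILURE

def make_radius_method(reachable):
    # Hypothetical RADIUS method; an unreachable server yields a time-out.
    def radius_method(user, password):
        if not reachable:
            return Result.TIMEOUT
        ok = RADIUS_USERS.get(user) == password
        return Result.SUCCESS if ok else Result.FAILURE
    return radius_method

def authenticate(apl, user, password):
    """Walk the APL in order; return (result, names of methods attempted)."""
    attempted = []
    for name, method in apl:
        attempted.append(name)
        result = method(user, password)
        if result is not Result.TIMEOUT:
            return result, attempted  # success or failure ends the walk
    # Assumption: if every method timed out, access is denied.
    return Result.FAILURE, attempted

if __name__ == "__main__":
    up, down = make_radius_method(True), make_radius_method(False)
    cases = [
        ("local,radius / RADIUS-only user",
         [("local", local_method), ("radius", up)], "netops", "radius-pass"),
        ("radius,local / RADIUS down, local user",
         [("radius", down), ("local", local_method)], "admin", "local-pass"),
        ("radius,local / RADIUS up, local user",
         [("radius", up), ("local", local_method)], "admin", "local-pass"),
    ]
    for label, apl, user, password in cases:
        result, attempted = authenticate(apl, user, password)
        print(f"{label}: {result.value}, attempted={attempted}")
```

The third case is the one to check when reviewing a list: a reachable RADIUS server that rejects the user returns a failure, so the local entry behind it is consulted only when RADIUS times out.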
Once an APL is created, a reference to that APL can be stored in the access
line configuration to determine how specific components should
authenticate users. The APL and associated component ID are stored
together. A single APL can be referenced by multiple methods.
The administrator can enable, disable, or reorder authentication methods on a
per-method basis (see above).
Administrative Accounting
The administrator may choose to keep an accounting record of administrative
activity on the switch. The following accounting types are supported:
User exec sessions: User login and logout times are noted and conveyed to
an external AAA server.
User executed commands: Commands executed by the user and the time
of execution are accounted and conveyed to an external AAA server.
Administrator activity can be accounted for at the end and/or at the
beginning of the activity. For this purpose, the following record-types are
defined:
Start-stop
Accounting notifications are sent when the administrator logs into the
switch and when the administrator exits exec mode. Accounting
notifications are also sent at the beginning and at the end of each
administrator executed command. Command execution does not wait for
the accounting notification to be recorded at the AAA server.
Stop-only