Specifications

ManualsBrandsCisco ManualsComputer equipment2955T 12 - Catalyst Switch

211

212

213

214

215

216

217

218

219

220

9-31

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide

78-11380-07

Chapter 9 Configuring Switch-Based Authentication

Configuring the Switch for Secure Shell

Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA:

To disable AAA, use the no aaa new-model global configuration command. To disable authorization,

use the no aaa authorization {network | exec} method1 global configuration command.

Configuring the Switch for Secure Shell

This section describes how to configure the Secure Shell (SSH) feature. SSH is a cryptographic security

feature that is subject to export restrictions. To use this feature, the cryptographic (encrypted) enhanced

software image (EI) must be installed on your switch. You must obtain authorization to use this feature

and to download the cryptographic software files. For more information, see the “Cryptographic

Software Image Guidelines” section.This section contains this configuration information:

• Understanding SSH, page 9-32

• Cryptographic Software Image Guidelines, page 9-32

• Configuring SSH, page 9-32

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

aaa new-model Enable AAA.

Step 3

aaa authentication login default local Set the login authentication to use the local username database. The

default keyword applies the local user database authentication to all

interfaces.

Step 4

aaa authorization exec local Configure user AAA authorization to determine if the user is allowed to

run an EXEC shell by checking the local database.

Step 5

aaa authorization network local Configure user AAA authorization for all network-related service

requests.

Step 6

username name [privilege level]

{password encryption-type password}

Enter the local database, and establish a username-based authentication

system.

Repeat this command for each user.

• For name, specify the user ID as one word. Spaces and quotation

marks are not allowed.

• (Optional) For level, specify the privilege level the user has after

gaining access. The range is 0 to 15. Level 15 gives privileged EXEC

mode access. Level 0 gives user EXEC mode access.

• For encryption-type, enter 0 to specify that an unencrypted password

follows. Enter 7 to specify that a hidden password follows.

• For password, specify the password the user must enter to gain access

to the switch. The password must be from 1 to 25 characters, can

contain embedded spaces, and must be the last option specified in the

username command.

Step 7

end Return to privileged EXEC mode.

Step 8

show running-config Verify your entries.

Step 9

copy running-config startup-config (Optional) Save your entries in the configuration file.