Authentication Commands
You can configure this switch to authenticate users logging into the system for
management access using local, RADIUS, or TACACS authentication methods. You
can also enable port-based authentication for network client access using IEEE
802.1x.

Remote Authentication Dial-in User Service (RADIUS) and Terminal Access
Controller Access Control System Plus (TACACS+) are logon authentication
protocols that use software running on a central server to control access to
RADIUS-aware or TACACS+-aware devices on the network. An authentication
server contains a database of multiple user name/password pairs with associated
privilege levels for each user or group that requires management access to a switch.

The switch supports IEEE 802.1x (dot1x) port-based access control that prevents
unauthorized access to the network by requiring users to first enter a user ID and
password for authentication. Client authentication is controlled centrally by a
RADIUS server using EAPOL (Extensible Authentication Protocol Over LANs).

Table 3-43. Authentication Commands
Command Group            Function                                                       Page
Authentication Sequence  Defines logon authentication method and precedence             3-129
RADIUS Client            Configures settings for authentication via a RADIUS server     3-130
TACACS+ Client           Configures settings for authentication via a TACACS+ server    3-134
Port Authentication      Configures host authentication on specific ports using 802.1x  3-136

Authentication Sequence

Table 3-44. Authentication Sequence
Command                Function                                                                  Mode  Page
authentication login   Defines logon authentication method and precedence                        GC    3-129
authentication enable  Defines the authentication method and precedence for command mode change  GC    4-67

authentication login
Use this command to define the login authentication method and precedence. Use
the no form to restore the default.
Syntax
authentication login {[local] [radius] [tacacs]}
no authentication login
local - Use local password only.