Cisco® CCNP Switch Exam Cram Notes : Device Security Using local Privilege Authorization Fallback

2. Infrastructure Security

2.2 Describe device security using Cisco IOS AAA with TACACS+ and RADIUS

2.1.b Local privilege authorization fallback

Three commonly used methods to verify user credentials at a switch port are:

  • By using locally configured username and password
  • By using RADIUS authentication
  • By using TACACS+ authentication

1. To configure a username and password locally, use this command in global configuration mode of the switch:

Switch(config)# username <username> password <password>

2. To define authentication using RADIUS, use the command:

Switch(config)# radius-server host {<hostname> | <ip-address>} [key string]

3. The command above defines the server along with its shared secret password. Next, define a group name that will contain a list of servers using the command:

Switch(config)# aaa group server {radius | tacacs+} <group-name>

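4. Now, define each server of the group, in the server-group configuration mode that the previous command enters (the prompt shown is for a RADIUS group):

Switch(config-sg-radius)# server <ip-address>

5. If you have more than one RADIUS or TACACS+ server, repeat the above command for each server.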

Locally configured username and password are enabled by default on a switch. If there is any other authentication scheme defined, it is tried first before using local authentication. You can disable local authentication when other authentication methods are in use. You configure username and password for local authentication on a switch by using the command:

Switch(config)# username <username> password <password>

You define a RADIUS server for user authentication by using the command:

Switch(config)# radius-server host {host-name | ip-address} [key string]

[key string] is the password that is shared between the switch and the RADIUS server.

The command:

Switch(config)# aaa group server radius <group-name>

is used to define the group name that will contain a list of servers.

The command:

Switch(config)# aaa authentication login default group radius

specifies that the default login method is RADIUS.
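The steps above combined into one configuration with the local database as fallback, as an added example that is not part of the original notes. The addresses (192.0.2.x), the group name RAD-GRP, the account name localadmin and the bracketed placeholders are constructed; `secret` is used in place of `password` so the local credential is stored hashed.

```cisco
! Added example; all names, addresses and <placeholders> are constructed.
! Enable the AAA command set before defining any method list.
aaa new-model
!
! Local account, consulted only when no AAA server answers.
! "secret" stores the password hashed; "password" would not.
username localadmin privilege 15 secret <local-password>
!
! RADIUS servers and the key shared with each of them.
radius-server host 192.0.2.10 key <shared-secret>
radius-server host 192.0.2.11 key <shared-secret>
!
! Server group that the method lists refer to.
aaa group server radius RAD-GRP
 server 192.0.2.10
 server 192.0.2.11
!
! Weak form (kept as a comment): RADIUS only. If both servers are
! unreachable, no login on the switch can succeed.
!   aaa authentication login default group RAD-GRP
!
! Corrected form: try the group first, then the local database.
aaa authentication login default group RAD-GRP local
!
! Same fallback for the privilege level granted at login.
aaa authorization exec default group RAD-GRP local
```

The switch moves on to `local` only when the servers in the group do not respond; a reject from a reachable server ends the attempt, so the local account cannot be used to bypass RADIUS while it is up.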
