Configuring Local Authentication and Authorization

Contents

  Finding Feature Information
  How to Configure Local Authentication and Authorization
  Monitoring Local Authentication and Authorization
  Additional References

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

How to Configure Local Authentication and Authorization

Configuring the Switch for Local Authentication and Authorization

You can configure AAA to operate without a server by setting the switch to implement AAA in local mode. The switch then performs authentication and authorization itself, against its local username database. No accounting is available in this configuration.

Note: To secure the switch for HTTP access by using AAA methods, you must also configure the switch with the ip http authentication aaa global configuration command. Configuring AAA login authentication by itself does not apply AAA methods to HTTP access.

Follow these steps to configure AAA to operate without a server by setting the switch to implement AAA in local mode:

SUMMARY STEPS

1. enable
2. configure terminal
3. aaa new-model
4. aaa authentication login default local
5. aaa authorization exec local
6. aaa authorization network local
7. username name [privilege level] {password encryption-type password}
8. end
9. show running-config
10. copy running-config startup-config

DETAILED STEPS

Step 1  enable
        Enables privileged EXEC mode. Enter your password if prompted.
        Switch> enable

Step 2  configure terminal
        Enters global configuration mode.
        Switch# configure terminal

Step 3  aaa new-model
        Enables AAA.
        Switch(config)# aaa new-model

Step 4  aaa authentication login default local
        Sets login authentication to use the local username database. The default keyword applies local authentication to every line (console and vty) that does not reference a named method list.
        Switch(config)# aaa authentication login default local

        Note: Once AAA is enabled and the default login method is local, a login succeeds only against an entry in the local username database. Create at least one username with privilege 15 (Step 7) in the same session, before you disconnect, so that you do not lock yourself out of the switch.

Step 5  aaa authorization exec local
        Configures AAA authorization for EXEC sessions: the switch checks the local database and, if the user is authorized, allows the user to run an EXEC shell.
        Switch(config)# aaa authorization exec local

Step 6  aaa authorization network local
        Configures AAA authorization for all network-related service requests, checked against the local database.
        Switch(config)# aaa authorization network local

Step 7  username name [privilege level] {password encryption-type password}
        Enters the local database, and establishes a username-based authentication system. Repeat this command for each user.
        Switch(config)# username your_user_name privilege 1 password 0 secret567

        For name, specify the user ID as one word. Spaces and quotation marks are not allowed.

        (Optional) For level, specify the privilege level the user has after gaining access. The range is 0 to 15. Level 15 gives privileged EXEC mode access. Level 0 gives user EXEC mode access.

        For encryption-type, enter 0 to specify that an unencrypted (plaintext) password follows. Enter 7 to specify that a hidden (type 7) password follows; a type 7 value is a string of hexadecimal digits as it appears in a configuration, so use 7 only when pasting a value copied from another configuration, not when typing a new password.

        For password, specify the password the user must enter to gain access to the switch. The password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command.

        Note: The type 7 hidden form is a reversible obfuscation, not a cryptographic hash; anyone who can read the configuration can recover the plaintext. Where your software supports it, prefer the username name [privilege level] secret password form, which stores a salted hash of the password instead.

Step 8  end
        Returns to privileged EXEC mode.
        Switch(config)# end

Step 9  show running-config
        Verifies your entries.
        Switch# show running-config

Step 10 copy running-config startup-config
        (Optional) Saves your entries in the configuration file.
        Switch# copy running-config startup-config

Related Topics

  SSH Servers, Integrated Clients, and Supported Versions
  TACACS+ and Switch Access
  RADIUS and Switch Access
  Setting Up the Switch to Run SSH
  SSH Configuration Guidelines

Monitoring Local Authentication and Authorization

To display the Local Authentication and Authorization configuration, use the show running-config privileged EXEC command.

Additional References

Error Message Decoder

  Description: To help you research and resolve system error messages in this release, use the Error Message Decoder tool.
  Link: https://www.cisco.com/cgi-bin/support/errordecoder/index.cgi

MIBs

  MIB: All supported MIBs for this release.
  MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

  Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
  Link: http://www.cisco.com/support
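The Monitoring section above leaves verification to reading show running-config by eye. The following Python script is an added example, not part of the Cisco document or of IOS itself: it audits a saved copy of show running-config output for the four AAA commands configured in Steps 3 through 6 and flags every username entry stored with the password keyword (type 0 or type 7). The sample configuration embedded in the script is constructed for illustration. The type 7 key is the fixed translation table IOS uses for hidden passwords; recovering the plaintext from a type 7 value is what shows why password 7 is not a substitute for secret.

```python
"""Audit Cisco IOS / IOS XE running-config text for local AAA settings.

Added example (not Cisco code). SAMPLE_CONFIG below is constructed; the
type 7 key is the fixed 53-byte table IOS uses for "hidden" passwords.
"""
import re

# Commands added by Steps 3 to 6 of the procedure in this module.
REQUIRED_AAA = (
    "aaa new-model",
    "aaa authentication login default local",
    "aaa authorization exec local",
    "aaa authorization network local",
)

# Fixed key used by IOS type 7 obfuscation (XOR with a rolling offset).
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# running-config form: username NAME [privilege N] password|secret TYPE VALUE
USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)(?:\s+privilege\s+(?P<priv>\d+))?\s+"
    r"(?P<kind>password|secret)\s+(?P<type>\d+)\s+(?P<value>\S+)\s*$"
)

# Constructed sample of show running-config output (not from a real device).
SAMPLE_CONFIG = """
hostname Switch
aaa new-model
aaa authentication login default local
aaa authorization exec local
username netops privilege 15 secret 9 $9$constructed.sample.hash
username legacy privilege 1 password 7 02050D480809
username helpdesk password 0 Welcome1
end
"""


def type7_decode(hidden: str) -> str:
    """Reverse a type 7 string: 2-digit key offset, then hex(char XOR key)."""
    if len(hidden) < 4 or len(hidden) % 2:
        raise ValueError("malformed type 7 string")
    offset = int(hidden[:2])
    body = bytes.fromhex(hidden[2:])
    return "".join(
        chr(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]) for i, b in enumerate(body)
    )


def type7_encode(plain: str, offset: int = 2) -> str:
    """Produce a type 7 string; exists only to demonstrate reversibility."""
    enc = (ord(c) ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, c in enumerate(plain))
    return f"{offset:02d}" + "".join(f"{b:02X}" for b in enc)


def audit(config: str) -> dict:
    """Return missing AAA commands and a weakness verdict per username line."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = {"missing": [cmd for cmd in REQUIRED_AAA if cmd not in lines], "users": []}
    for ln in lines:
        m = USERNAME_RE.match(ln)
        if not m:
            continue
        entry = {
            "name": m["name"],
            "privilege": int(m["priv"] or 1),  # IOS default privilege is 1
            "kind": m["kind"],
            "type": int(m["type"]),
            "weak": m["kind"] == "password",   # type 0 and type 7 are both recoverable
            "recovered": None,
        }
        if entry["weak"] and entry["type"] == 0:
            entry["recovered"] = m["value"]
        elif entry["weak"] and entry["type"] == 7:
            entry["recovered"] = type7_decode(m["value"])
        findings["users"].append(entry)
    return findings


def report(config: str) -> list[str]:
    """Human-readable findings, one line each."""
    r = audit(config)
    out = [f"MISSING: {cmd}" for cmd in r["missing"]]
    for u in r["users"]:
        if u["weak"]:
            out.append(f"WEAK: username {u['name']} (priv {u['privilege']}) uses password "
                       f"type {u['type']}; recovered plaintext: {u['recovered']}")
        else:
            out.append(f"OK: username {u['name']} (priv {u['privilege']}) uses secret type {u['type']}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

Run it against a file produced by show running-config (for example, redirect the terminal session to a file and pass its contents to report). Any MISSING line means one of Steps 3 through 6 was not applied; any WEAK line names an account whose password is readable by anyone with access to the configuration and should be re-entered with the secret keyword.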
