Access Security Guide K/KA/KB.15.15
Table 6 AAA Authentication Parameters (continued)
FunctionRangeDefaultName
Note: If you do not specify this
parameter in the command line, the
switch automatically assigns the
secondary method as follows:
• If the primary method is tacacs,
the only secondary method is
local.
• If the primary method is local,
the default secondary method is
none.
In a given session, specifies how
many tries at entering the correct
1 - 103num-attempts
username/password pair are
allowed before access is denied and
the session terminated.
Table 7 Primary/secondary authentication table
Effect on access attemptsAuthentication optionsAccess method and privilege
level
SecondaryPrimary
Local username/password
access only.
none*localConsole — Login
If Tacacs+ server
unavailable, uses local
username/password access.
localtacacs
Local username/password
access only.
nonelocalConsole — Enable
If Tacacs+ server
unavailable, uses local
username/password access.
localtacacs
Local username/password
access only.
none*localTelnet — Login
If Tacacs+ server
unavailable, uses local
username/password access.
localtacacs
If Tacacs+ server
unavailable, denies access.
nonetacacs
Local username/password
access only.
nonelocalTelnet — Enable
If Tacacs+ server
unavailable, uses local
username/password access.
localtacacs
If Tacacs+ server
unavailable, denies access.
nonetacacs
138 TACACS+ Authentication