Access Security Guide K/KA/KB.15.15
<enable | login>
Primary authentication method. Default: local
<local | radius>
Use either the local switch user/password database or a RADIUS server for
authentication.
<server-group <group-name>>
Specifies the server group to use
[local | none | authorized}
Provides options for secondary authentication (default: none). Note that for
console access, secondary authentication must be local if primary access is not
local. This prevents you from being locked out of the switch in the event of a
failure in other access methods.
Syntax
aaa authentication <port-access <local | eap-radius |
<mac-based | web-based <chap-radius | peap-mschapv2> [none
| authorized | server-group <group-name>]>>
Configures the primary authentication method for portaccess, MAC-based, or
web-based access.
mac-based | web-based <chap-radius | peap-mschapv2>
Password authentication for web-based or MAC-based port access to the switch.
Use peap-mschapv2 when you want password verification without requiring
access to a plain text password; it is more secure. Default: chap-radius
<port-access <local | eap-radius | chap-radius>
Configures local, chap-radius (MD5), or eap-radius as the primary password
authentication method for port-access. The default primary authentication is
local. (See the documentation for your RADIUS server application.)
[none | authorized | server-group <group-name>
none
No backup authentication method is used.
authorized
Allow access without authentication
server-group <group-name>
Specifies the server group to use with RADIUS.
Syntax
aaa accounting <exec | network | system | commands |
<start-stop | stop-only> radius [server-group <group-name>]
Configures accounting type and how data will be sent to the RADIUS server.
radius
Uses RADIUS protocol as accounting method.
server-group <group-name>
Specifies the server group to use with RADIUS.
166 RADIUS Authentication, Authorization, and Accounting