Administrator Guide
Security Commands 883
Default Configuration
The local user database is checked. This action has the same effect as the
command ip https authentication local.
Command Mode
Global Configuration mode
User Guidelines
The additional methods of authentication are used only if the previous
method returns an error, not if it fails. To ensure that the authentication
succeeds even if all methods return an error, specify none as the final method
in the command line. If none is specified as an authentication method after
radius, no authentication is used if the RADIUS server is down.
When TACACS+ is used as the authentication method for HTTP/HTTPS,
the Cisco ACS must be configured to allow the shell service. In addition, for
admin privileges, the privilege level attribute must be set to 15.
Example
The following example configures https authentication.
console(config)# ip https authentication radius local
password (aaa IAS User Configuration)
Use the password command in aaa IAS User Configuration mode to configure
a password for a user. The password is composed of up to 64 alphanumeric
characters. An optional parameter [encrypted] is provided to indicate that the
password given to the command is already pre-encrypted. To clear the user’s
password, use the no form of this command.
Keyword Source or destination
local Uses the local username database for authentication.
none Uses no authentication.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.
2CSNXXX_SWUM204.book Page 883 Monday, January 25, 2016 1:25 PM