Administrator Guide
Switch Management Commands 2013
User Guidelines
The default authentication list for telnet and SSH is enableNetList. The
enableNetList uses a single method: enable. This implies that users accessing
the switch via telnet or SSH must have an enable password defined in order to
access privileged mode. Alternatively, the administrator can set the telnet and
ssh lists to enableList, which has the enable and none methods defined.
When using line ssh authentication with a RADIUS server as the primary
authentication method, be aware that the default 802.1x timeout is 45
seconds. This is the same timeout value as SSH. Thus a secondary
authentication method is unlikely to be invoked due to SSH timing out and
dropping the connection attempt.
Examples
The following example sets the telnet authentication list to enableList:
console(config)#line telnet
console(config-telnet)#enable authentication enableList
The following example enters Line Configuration mode to configure Telnet.
console(config)#line telnet
console(config-line)#
login authentication
Use the login authentication command in Line Configuration mode to
specify the login authentication method list for a line (console, telnet, or
SSH). To return to the default specified by the authentication login
command, use the no form of this command.
Syntax
login authentication {default | list-name}
no login authentication
• default — Uses the default list created with the aaa authentication
login command.
• list-name — Uses the indicated list created with the aaa authentication
login command.