Users Guide

Authentication, Authorization, and Accounting 259
Authentication
Authentication is the process of validating a user's identity. During the
authentication process, only identity validation is done. There is no
determination made of which switch services the user is allowed to access.
This is true even when RADIUS is used for authentication; RADIUS cannot
perform separate transactions for authentication and authorization. However,
the RADIUS server can provide attributes during the authentication process
that are used in the authorization process.
Authentication Access Types
There are three types of authentication access:
• login—Login authentication grants access to the switch if the user
  credentials are validated. Access is granted only at privilege level one.
• enable—Enable authentication grants access to a higher privilege level if
  the user credentials are validated for the higher privilege level. When
  RADIUS is used for enable authentication, the username for this request is
  always $enab15$. The username used to log into the switch is not used for
  RADIUS enable authentication.
• dot1X—802.1X authentication is used to grant an 802.1X supplicant
  access to the network. For more information about 802.1X, see
  "Port and System Security" on page 663.
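As an added illustration (not code from this guide or from the switch firmware), the following builds the RADIUS Access-Request for enable authentication using the RFC 2865 packet layout and password hiding, then parses it as a server would, showing that the only user name the server sees is $enab15$. It assumes the request carries just User-Name and User-Password and that the password is the enable password the user typed; the function names, secret, and password values are constructed for the example.

```python
import hashlib
import os
import struct

ENABLE_USER = b"$enab15$"  # fixed User-Name the guide states for RADIUS enable auth

def _xor_chain(secret, authenticator, data, hiding):
    """RFC 2865 section 5.2 keystream: b1 = MD5(S + RA), bi = MD5(S + c(i-1))."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out += res
        prev = res if hiding else block  # the chain always feeds the ciphertext block
    return out

def build_enable_request(enable_password, secret, ident=1, authenticator=None):
    """Access-Request for enable authentication (assumed minimal attribute set)."""
    if not 1 <= len(enable_password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    ra = authenticator or os.urandom(16)
    padded = enable_password + b"\x00" * (-len(enable_password) % 16)
    hidden = _xor_chain(secret, ra, padded, hiding=True)
    attrs = b""
    for a_type, value in ((1, ENABLE_USER), (2, hidden)):  # User-Name, User-Password
        attrs += struct.pack("!BB", a_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + ra + attrs

def parse_request(packet, secret):
    """Server side: return (user_name, cleartext_password) from an Access-Request."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    ra, pos, found = packet[4:20], 20, {}
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        found[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    pwd = _xor_chain(secret, ra, found.get(2, b""), hiding=False).rstrip(b"\x00")
    return found.get(1), pwd

if __name__ == "__main__":
    pkt = build_enable_request(b"constructed-enable-pw", b"constructed-secret")
    print(parse_request(pkt, b"constructed-secret"))
```

Because the login name is absent from this request, the RADIUS server needs an entry for the user $enab15$, and the request by itself does not identify which logged-in user asked for the higher privilege level.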
Table 9-5 shows the valid methods for each type of authentication:
Table 9-5. Valid Methods for Authentication Access Types
Method    Login    Enable    802.1x
enable    yes      yes       no
ias       no       no        yes
line      yes      yes       no
local     yes      no        no
none      yes      yes       yes
radius    yes      yes       yes
tacacs    yes      yes       no