Users Guide

Authentication, Authorization, and Accounting 283
are processed after authentication if the device is authorized on the port. In
the examples below, it is assumed that the default configuration of
authorization—that is, no authorization—is used.
Local Authentication Example
Use the following configuration to require local authentication when logging
in over a Telnet connection:
1. Create a login authentication list called “loc” that contains the method
local:
console#config
console(config)#aaa authentication login "loc" local
2. Enter the configuration mode for the Telnet line:
console(config)#line telnet
3. Assign the loc login authentication list to be used for users accessing the
switch via Telnet:
console(config-telnet)#login authentication loc
console(config-telnet)#exit
4. Allow Telnet and SSH users access to Privileged Exec mode. An enable
password must be configured so that local access users can elevate to
Privileged Exec level:
console(config)#enable password PaSSW0rd
5. Create a user with the name “guest” and password “password”. A simple
password can be configured here, since strength-checking has not yet been
enabled:
console(config)#username guest password password
6. Set the minimum number of numeric characters required when password
strength checking is enabled. This parameter is enabled only if the
passwords strength minimum character-classes parameter is set to
a value greater than its default value of 0:
console(config)#passwords strength minimum numeric-characters 2
7. Set the minimum number of character classes that must be present in the
password. The possible character classes are: upper-case, lower-case,
numeric and special:
console(config)#passwords strength minimum character-classes 4
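
The rules set in steps 6 and 7 can be checked against candidate passwords offline before credentials are assigned. The following Python code is an added example, not part of the guide or the switch software; it models the rules as the text states them, and the function names, the treatment of "special" as ASCII punctuation, and the sample value C0nstruct3d! are assumptions.

```python
import string

# Values from steps 6 and 7 of the example above.
MIN_NUMERIC = 2
MIN_CLASSES = 4

# Assumption: "special" means ASCII punctuation; the guide does not list the set.
CLASSES = {
    "upper-case": string.ascii_uppercase,
    "lower-case": string.ascii_lowercase,
    "numeric": string.digits,
    "special": string.punctuation,
}

def char_classes(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)}

def check_password(password, min_classes=MIN_CLASSES, min_numeric=MIN_NUMERIC):
    """Return a list of violations; an empty list means the password passes."""
    # Step 6: the numeric minimum applies only when the character-classes
    # minimum is greater than its default value of 0.
    if min_classes <= 0:
        return []
    problems = []
    present = char_classes(password)
    if len(present) < min_classes:
        missing = ", ".join(sorted(set(CLASSES) - present))
        problems.append(
            f"{len(present)} of {min_classes} required classes; missing {missing}")
    digits = sum(ch in string.digits for ch in password)
    if digits < min_numeric:
        problems.append(f"{digits} numeric characters; {min_numeric} required")
    return problems

if __name__ == "__main__":
    # "PaSSW0rd" and "password" appear in steps 4 and 5; the last value is constructed.
    for candidate in ("password", "PaSSW0rd", "C0nstruct3d!"):
        result = check_password(candidate)
        print(f"{candidate!r}: {'ok' if not result else '; '.join(result)}")
```

Under this model, both passwords used in steps 4 and 5 fail the rules from steps 6 and 7: each lacks a special character and has fewer than two digits.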