KB.15.15

Figure 108 Example of AAA authentication using Authorized for the secondary authentication

method

Example

Suppose you already configured local passwords on the switch, but want RADIUS

to protect primary Telnet and SSH access without allowing a secondary Telnet or

SSH access option (the switch local passwords):

Figure 109 Example configuration for RADIUS authentication

NOTE: If you configure the Login Primary method as local instead of radius (and local

passwords are configured on the switch), then clients connected to your network can gain access

to either the operator or manager level without encountering the RADIUS authentication specified

for Enable Primary. See “Local authentication process” (page 182).

Enabling manager access privilege (optional)

In the default RADIUS operation, the switch automatically admits any authenticated client to the

146 RADIUS Authentication, Authorization, and Accounting