mac
Commands for Basic Switch Configuration
34
Chapter 1 Commands for Basic Switch
Configuration
1.1 Commands for Basic Configuration
1.1.1 authentication line
Command: authentication line {console | vty | web} login {local | radius | tacacs}
no authentication line {console | vty | web} login
Function: Configure VTY (login with Telnet and SSH), Web and Console, so as to select
the priority of the authentication mode for the login user. The no form command restores
the default authentication mode.
Default: No configuration is enabled for the console login method by default. Local
authentication is enabled for the VTY and Web login method by default.
Command Mode: Global Mode.
Usage Guide: The authentication method for Console, VTY and Web login can be
configured respectively. And authentication method can be any one or combination of
Local, RADIUS and TACACS. When login method is configuration in combination, the
preference goes from left to right. If the users have passed the authentication method,
authentication method of lower preferences will be ignored. To be mentioned, the user
can login as long as a authentication method is passed. AAA function and RADIUS
server should be configured before the RADIUS authentication can be used.
The authentication line console login command is exclusive with the login
command. The authentication line console login command configures the switch to
use the Console login method. And the login command makes the Console login to use
the passwords configured by the password command for authentication.
If local authentication is configured while no local users are configured, users will be
able to login the switch via the Console method.
Example: Configure the Telnet and ssh login method to Local and RADIUS
authentication method.
Switch(config)# authentication line vty login local radius
Relative Command: aaa enable, radius-server authentication host, tacacs-server
authentication host, tacacs-server key