mac
Commands for Basic Switch Configuration
55
Parameters: <ipv6-addr> is the security IPv6 address which can login the switch.
Default: No security IPv6 addresses are configured by default.
Command Mode: Global Mode.
Usage Guide: IPv6 address of the client which can login the switch is not restricted
before the security IPv6 address is not configured. After the security IPv6 address is
configured, only clients with security IPv6 addresses are able to login the switch. Up to
32 security IPv6 addresses can be configured in the switch.
Example: Configure the security IPv6 address is 2001:da8:123:1::1.
Switch(config)# authentication securityipv6 2001:da8:123:1::1
1.2.9 authorization
Command: authorization line {console | vty | web} exec method [method…]
no authorization line {console | vty | web} exec
Function: Configure the list of the authorization method for the login user with VTY
(login with Telnet and SSH), Web and Console. The no command restores the default
authorization method.
Parameters: line selects the authorization line, including console, vty (telnet and ssh)
and web; method is the list of the authorization method, it must be among local, tacacs
and radius keywords; local uses the local database to authorize; tacacs uses the
remote TACACS+ server to authorize; radius uses the remote RADIUS server to
authorize.
Default: There is no authorization mode.
Command Mode: Global Mode.
Usage Guide: The authorization method for Console, VTY and Web login can be
configured respectively. And authorization method can be any one or combination of
Local, RADIUS or TACACS. When login method is configuration in combination, the
preference goes from left to right. If the users have passed the authorization method,
authorization method of lower preferences will be ignored. To be mentioned, if the user
receives corresponding protocol’s answer whether refuse or incept, it will not attempt the
next authorization method; it will attempt the next authorization method if it receives
nothing. And AAA function RADIUS server should be configured before the RADIUS
configuration method can be used. And TACACS server should be configured before the
TACACS configuration method can be used.
The local users adopt username command permission while authorization
command is not configured, the users login the switch via RADIUS/TACACS method and
works under common mode.
Example: Configure the telnet authorization method to RADIUS.
Switch(config)#authorization line vty exec radius