Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Local Authentication and Authorization
This section lists any prerequisites for local authentication and authorization.
Restrictions on Local Authentication and Authorization
This section lists any restrictions for local authentication and authorization.
How to Configure Local Authentication and Authorization
Configuring the Switch for Local Authentication and Authorization
You can configure AAA to operate without a server by setting the Catalyst 3850 switch to implement AAA in local mode. The switch then handles authentication and authorization. No accounting is available in this configuration.
To secure the switch for HTTP access by using AAA methods, you must configure the
switch with the ip http authentication aaa global
configuration command. Configuring AAA authentication does not secure the switch for
HTTP access by using AAA methods.
Beginning in privileged EXEC mode, follow these steps to configure AAA to operate without a server by setting the switch to implement AAA in local mode:
Enters the local database, and establishes a username-based authentication system.
Repeat this command for each user.
For name, specify the user ID as one word. Spaces
and quotation marks are not allowed.
(Optional) For level, specify the privilege level
the user has after gaining access. The range is 0 to 15. Level 15 gives
privileged EXEC mode access. Level 0 gives user EXEC mode access.
For encryption-type, enter 0 to specify that an
unencrypted password follows. Enter 7 to specify that a hidden password
For password, specify the password the user must
enter to gain access to the switch. The password must be from 1 to 25
characters, can contain embedded spaces, and must be the last option
specified in the username command.
The Cisco Support website provides extensive online resources,
including documentation and tools for troubleshooting and
resolving technical issues with Cisco products and technologies.
To receive security and technical information about your
products, you can subscribe to various services, such as the
Product Alert Tool (accessed from Field Notices), the Cisco
Technical Services Newsletter, and Really Simple Syndication
Access to most tools on the Cisco Support website requires a
Cisco.com user ID and password.