How to Configure the Switch for Local Authentication and Authorization
You can configure authentication, authorization, and accounting (AAA) to operate without a server by setting the switch to implement AAA in local mode. The switch then handles authentication and authorization. No accounting is available in this configuration.
Note |
To secure the switch for HTTP access by using AAA methods, you must configure the switch with the ip http authentication aaa command in global configuration mode. Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. |
To configure AAA to operate without a server by setting the switch to implement AAA in local mode, perform this procedure.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
Step 3 |
aaa new-model Example:
|
Enables AAA. |
Step 4 |
aaa authentication login default local Example:
|
Sets the login authentication to use the local username database. The default keyword applies the local user database authentication to all ports. |
Step 5 |
aaa authorization exec default local Example:
|
Configures user AAA authorization, check the local database, and allow the user to run an EXEC shell. |
Step 6 |
aaa authorization network default local Example:
|
Configures user AAA authorization for all network-related service requests. |
Step 7 |
username name [privilege level] {password encryption-type password} Example:
|
Enters the local database, and establishes a username-based authentication system. Repeat this command for each user.
|
Step 8 |
end Example:
|
Returns to privileged EXEC mode. |
Step 9 |
show running-config Example:
|
Verifies your entries. |
Step 10 |
copy running-config startup-config Example:
|
(Optional) Saves your entries in the configuration file. |