Configuring Local Authentication and Authorization
Your software release may not support all the features documented in
this module. For the latest caveats and feature information, see Bug Search
Tool and the release notes for your platform and software release. To find
information about the features documented in this module, and to see a list of
the releases in which each feature is supported, see the feature information
table at the end of this module.
Use Cisco Feature Navigator to find information about platform support
and Cisco software image support. To access Cisco Feature Navigator, go to
http://www.cisco.com/go/cfn. An account on Cisco.com is
How to Configure Local Authentication and Authorization
Switch for Local Authentication and Authorization
You can configure
AAA to operate without a server by setting the switch to implement AAA in local
mode. The switch then handles authentication and authorization. No accounting
is available in this configuration.
To secure the
switch for HTTP access by using AAA methods, you must configure the switch with
ip http authentication
aaa global configuration command. Configuring AAA authentication
does not secure the switch for HTTP access by using AAA methods.
Follow these steps
to configure AAA to operate without a server by setting the switch to implement
AAA in local mode:
aaa authentication login default local
aaa authorization exec local
aaa authorization network local
| ||Command or Action||Purpose|
privileged EXEC mode. Enter your password if prompted.
Switch# configure terminal
Enters the global
|Step 3||aaa new-model
Switch(config)# aaa new-model
|Step 4||aaa authentication login default local
Switch(config)# aaa authentication login default local
Sets the login
authentication to use the local username database. The
applies the local user database authentication to all ports.
|Step 5||aaa authorization exec local
Switch(config)# aaa authorization exec local
AAA authorization, check the local database, and allow the user to run an EXEC
|Step 6||aaa authorization network local
Switch(config)# aaa authorization network local
AAA authorization for all network-related service requests.
Switch(config)# username your_user_name privilege 1 password 7 secret567
Enters the local
database, and establishes a username-based authentication system.
command for each user.
the user ID as one word. Spaces and quotation marks are not allowed.
the privilege level the user has after gaining access. The range is 0 to 15.
Level 15 gives privileged EXEC mode access. Level 0 gives user EXEC mode
encryption-type, enter 0 to specify that an
unencrypted password follows. Enter 7 to specify that a hidden password
specify the password the user must enter to gain access to the switch. The
password must be from 1 to 25 characters, can contain embedded spaces, and must
be the last option specified in the
privileged EXEC mode.
|Step 9||show running-config
Switch# show running-config
Verifies your entries.
|Step 10||copy running-config
Switch# copy running-config startup-config
(Optional) Saves your entries
in the configuration file.
Monitoring Local Authentication and Authorization
To display Local Authentication and Authorization configuration, use the show running-config privileged EXEC command.
All supported MIBs for this release.
and download MIBs for selected platforms, Cisco IOS releases, and feature sets,
use Cisco MIB Locator found at the following URL:
Support website provides extensive online resources, including documentation
and tools for troubleshooting and resolving technical issues with Cisco
products and technologies.
security and technical information about your products, you can subscribe to
various services, such as the Product Alert Tool (accessed from Field Notices),
the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS)
most tools on the Cisco Support website requires a Cisco.com user ID and