Configuring the Switch for Local Authentication and Authorization
You can configure AAA to operate without a server by setting the switch to implement AAA in local mode. The switch then handles authentication and authorization. No accounting is available in this configuration.
Note: To secure the switch for HTTP access by using AAA methods, you must configure the switch with the ip http authentication aaa global configuration command. Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods.
Follow these steps to configure AAA to operate without a server by setting the switch to implement AAA in local mode:
Procedure
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | aaa new-model | Enables AAA.
Step 4 | aaa authentication login default local | Sets the login authentication to use the local username database. The default keyword applies the local user database authentication to all ports.
Step 5 | aaa authorization exec default local | Configures user AAA authorization to check the local database and allow the user to run an EXEC shell.
Step 6 | aaa authorization network default local | Configures user AAA authorization for all network-related service requests.
Step 7 | username name [privilege level] {password encryption-type password} | Enters the local database, and establishes a username-based authentication system. Repeat this command for each user.
Step 8 | end | Returns to privileged EXEC mode.
Step 9 | show running-config | Verifies your entries.
Step 10 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
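
The verification in Step 9 can be scripted. The following Python check is an added example, not part of the Cisco procedure: it scans saved show running-config output for the commands from Steps 3 to 7 and for the HTTP gap described in the note. The sample configuration is constructed; treating encryption-type 0 as an unencrypted password and `ip http server` / `ip http secure-server` as the commands that enable HTTP access are assumptions from general IOS usage, not statements on this page.

```python
import re

# Commands from Steps 3-6 that must appear in the running configuration.
REQUIRED = [
    "aaa new-model",
    "aaa authentication login default local",
    "aaa authorization exec default local",
    "aaa authorization network default local",
]
# Step 7 entries as they appear in the configuration (password or secret form).
USER_RE = re.compile(
    r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s+(password|secret)\s+(\d+)\s+\S+")

# Constructed sample: Step 6 is missing, one user has a type 0 password,
# and the HTTP server is on without 'ip http authentication aaa'.
SAMPLE = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username admin privilege 15 secret 5 $1$constructed$hashvalue
username ops password 0 ExamplePass
ip http server
"""

def audit_local_aaa(running_config: str) -> list[str]:
    """Return findings for a running-config dump; an empty list means no gaps."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    present = set(lines)
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in present]

    users = [m for m in map(USER_RE.match, lines) if m]
    if not users:
        findings.append("no username entries in the local database")
    for m in users:
        name, kind, enc = m.group(1), m.group(3), m.group(4)
        if kind == "password" and enc == "0":  # assumption: 0 = unencrypted
            findings.append(f"user {name}: password stored unencrypted (type 0)")

    # The note above: login AAA alone does not cover HTTP access.
    http_on = any(ln in ("ip http server", "ip http secure-server") for ln in lines)
    if http_on and "ip http authentication aaa" not in present:
        findings.append("HTTP server enabled without 'ip http authentication aaa'")
    return findings

if __name__ == "__main__":
    for finding in audit_local_aaa(SAMPLE):
        print(finding)
```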