Consolidated Platform Configuration Guide, Cisco IOS XE 3.3SE (Catalyst 3650 Switches)

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: March 12, 2015

Chapter: Configuring Local Authentication and Authorization

Finding Feature Information
How to Configure Local Authentication and Authorization
- Configuring the Switch for Local Authentication and Authorization
Monitoring Local Authentication and Authorization
Additional References

Configuring Local Authentication and Authorization

Finding Feature Information
How to Configure Local Authentication and Authorization
Monitoring Local Authentication and Authorization
Additional References

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

How to Configure Local Authentication and Authorization

Configuring the Switch for Local Authentication and Authorization

You can configure AAA to operate without a server by setting the switch to implement AAA in local mode. The switch then handles authentication and authorization. No accounting is available in this configuration.

Note

To secure the switch for HTTP access by using AAA methods, you must configure the switch with the ip http authentication aaa global configuration command. Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods.

Beginning in privileged EXEC mode, follow these steps to configure AAA to operate without a server by setting the switch to implement AAA in local mode:

SUMMARY STEPS

1. configure terminal

2. aaa new-model

3. aaa authentication login default local

4. aaa authorization exec local

5. aaa authorization network local

6. username name [privilege level] {password encryption-type password}

7. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Switch# `configure terminal`	Enters the global configuration mode.
Step 2	aaa new-model Example: Switch(config)# `aaa new-model`	Enables AAA.
Step 3	aaa authentication login default local Example: Switch(config)# `aaa authentication login default local`	Sets the login authentication to use the local username database. The default keyword applies the local user database authentication to all ports.
Step 4	aaa authorization exec local Example: Switch(config)# `aaa authorization exec local`	Configures user AAA authorization, check the local database, and allow the user to run an EXEC shell.
Step 5	aaa authorization network local Example: Switch(config)# `aaa authorization network local`	Configures user AAA authorization for all network-related service requests.
Step 6	username name [privilege level] {password encryption-type password} Example: Switch(config)# `username your_user_name privilege 1 password 7 secret567`	Enters the local database, and establishes a username-based authentication system. Repeat this command for each user. For name, specify the user ID as one word. Spaces and quotation marks are not allowed. (Optional) For level, specify the privilege level the user has after gaining access. The range is 0 to 15. Level 15 gives privileged EXEC mode access. Level 0 gives user EXEC mode access. For encryption-type, enter 0 to specify that an unencrypted password follows. Enter 7 to specify that a hidden password follows. For password, specify the password the user must enter to gain access to the switch. The password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command.
Step 7	end Example: Switch(config)# `end`	Returns to privileged EXEC mode.

Related Concepts

SSH Configuration Guidelines

Related Tasks

Setting Up the Switch to Run SSH

Monitoring Local Authentication and Authorization

To display Local Authentication and Authorization configuration, use the show running-config privileged EXEC command.

Additional References

Error Message Decoder

Description	Link
To help you research and resolve system error messages in this release, use the Error Message Decoder tool.	https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

MIBs

MIB	MIBs Link
All supported MIBs for this release.	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

MIB

MIBs Link

All supported MIBs for this release.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description	Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.	http://www.cisco.com/support

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/support

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)