Configuring Local Authentication and Authorization


Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

How to Configure Local Authentication and Authorization

Configuring the Switch for Local Authentication and Authorization

You can configure AAA to operate without a server by setting the Catalyst 3850 switch to implement AAA in local mode. The switch then handles authentication and authorization. No accounting is available in this configuration.


Note

To secure the switch for HTTP access by using AAA methods, you must configure the switch with the ip http authentication aaa global configuration command. Configuring AAA authentication alone does not secure the switch for HTTP access by using AAA methods.


Beginning in privileged EXEC mode, follow these steps to configure AAA to operate without a server by setting the switch to implement AAA in local mode:

SUMMARY STEPS

    1.    configure terminal

    2.    aaa new-model

    3.    aaa authentication login default local

    4.    aaa authorization exec local

    5.    aaa authorization network local

    6.    username name [privilege level] {password encryption-type password}

    7.    end


DETAILED STEPS
    Command or Action    Purpose

    Step 1    configure terminal

    Example:
    Switch# configure terminal

    Enters the global configuration mode.

    Step 2    aaa new-model

    Example:
    Switch(config)# aaa new-model

    Enables AAA.

    Step 3    aaa authentication login default local

    Example:
    Switch(config)# aaa authentication login default local

    Sets the login authentication to use the local username database. The default keyword applies the local user database authentication to all ports.

    Step 4    aaa authorization exec local

    Example:
    Switch(config)# aaa authorization exec local

    Configures user AAA authorization to check the local database and allow the user to run an EXEC shell.

    Step 5    aaa authorization network local

    Example:
    Switch(config)# aaa authorization network local

    Configures user AAA authorization for all network-related service requests.

    Step 6    username name [privilege level] {password encryption-type password}

    Example:
    Switch(config)# username your_user_name privilege 1 password 7 secret567

    Adds a user to the local database and establishes a username-based authentication system.

    Repeat this command for each user.

    • For name, specify the user ID as one word. Spaces and quotation marks are not allowed.
    • (Optional) For level, specify the privilege level the user has after gaining access. The range is 0 to 15. Level 15 gives privileged EXEC mode access. Level 0 gives user EXEC mode access.
    • For encryption-type, enter 0 to specify that an unencrypted password follows. Enter 7 to specify that a hidden password follows.
    • For password, specify the password the user must enter to gain access to the switch. The password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command.

    Step 7    end

    Example:
    Switch(config)# end

    Returns to privileged EXEC mode.


Monitoring Local Authentication and Authorization

To display the local authentication and authorization configuration, use the show running-config privileged EXEC command.
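
The following is an added example, not part of the Cisco documentation: a Python check that reads saved show running-config output and reports which commands from the steps above are missing and how each local user's password is stored. The sample configuration, the audit helper and its finding strings are constructed for illustration, and the check assumes that ip http server or ip http secure-server in the configuration means HTTP access is enabled.

```python
import re

# Constructed sample of `show running-config` output (not from a real switch).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authorization exec local
ip http server
username admin privilege 15 password 0 ExamplePass1
username oper privilege 1 password 7 HIDDEN-PLACEHOLDER
"""

# Global commands from the configuration steps on this page.
REQUIRED = (
    "aaa new-model",
    "aaa authentication login default local",
    "aaa authorization exec local",
    "aaa authorization network local",
)
USER_RE = re.compile(r"username (\S+)(?: privilege (\d+))? password ([07]) (.+)")


def audit(config):
    """Return findings for a local-AAA running-config (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in lines]
    # Per the page's note, AAA login settings alone do not cover HTTP access.
    http_on = any(ln in ("ip http server", "ip http secure-server") for ln in lines)
    if http_on and "ip http authentication aaa" not in lines:
        findings.append("missing: ip http authentication aaa")
    users = [m for m in map(USER_RE.fullmatch, lines) if m]
    if not users:
        # Login is set to 'local', so the user database must not be empty.
        findings.append("no local users defined")
    for name, level, enc_type, password in (m.groups() for m in users):
        if level == "15":
            findings.append(f"{name}: privilege 15 (privileged EXEC)")
        if enc_type == "0":
            findings.append(f"{name}: unencrypted password (type 0) in config")
            if not 1 <= len(password) <= 25:
                findings.append(f"{name}: password length outside 1-25")
        else:
            # Type 7 is reversible obfuscation, not a one-way hash.
            findings.append(f"{name}: type 7 hidden password is reversible")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Each finding is a line to review, not necessarily an error: a level 15 user is expected on most switches, but it should be a deliberate choice.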