Configuring the switch authentication methods

The aaa authentication command configures access control for the following access methods:
  • Console

  • Telnet

  • SSH

  • Web

  • Port-access (802.1X)

However, TACACS+ authentication is only used with the console, Telnet, or SSH access methods. The command specifies whether to use a TACACS+ server or the switch local authentication, or (for some secondary scenarios) no authentication. This means that if the primary method fails, authentication is denied. The command also reconfigures the number of access attempts to allow in a session if the first attempt uses an incorrect username/password pair.