Configuring the primary password authentication method for console, Telnet, SSH and WebAgent

The following commands have the server-group option. If no server-group is specified, the default RADIUS group is used. The server group must already be configured.

NOTE:

The last RADIUS server in a server group cannot be deleted if any authentication or accounting method is using the server group.

Syntax

aaa authentication [<console | telnet | ssh | web> | <enable | login> | local | radius ] [ server-group | <group-name> | local | none | authorized ]
    

Configures the primary password authentication method for console, Telnet, SSH, and the WebAgent.

<local | radius >

Primary authentication method.

Default: local

[<local] radius >

Use either the local switch user/password database or a RADIUS server for authentication.

<server-group <group-name>>
    

Specifies the server group to use.

[ local | none | authorized ]

Provides options for secondary authentication.

Default: none

Note that for console access, secondary authentication must be local if primary access is not local. This prevents being locked out of the switch in the event of a failure in other access methods.