Configuring the primary password authentication method for console, Telnet, SSH and WebAgent

The following commands have the server-group option. If no server-group is specified, the default RADIUS group is used. The server group must already be configured.

NOTE:

The last RADIUS server in a server group cannot be deleted if any authentication or accounting method is using the server group.

Syntax:


aaa authentication <console|telnet|ssh|web> <enable|[login <local]|radius [server-group <group-name>|local|none|authorized]

Configures the primary password authentication method for console, Telnet, SSH, and the WebAgent.


{<local | radius>}

Primary authentication method.

Default: local


<local|radius>

Use either the local switch user/password database or a RADIUS server for authentication.


<server-group <group-name>>

Specifies the server group to use.


[local|none|authorized]

Provides options for secondary authentication.

Default: none

Note that for console access, secondary authentication must be local if primary access is not local. This prevents being locked out of the switch in the event of a failure in other access methods.