9-40
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 9 Configuring Switch-Based Authentication
Configuring the Switch for Local Authentication and Authorization
To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server
functionality on the switch, use the no aaa server radius dynamic authorization global configuration
command.

Monitoring and Troubleshooting CoA Functionality

Use these Cisco IOS commands to monitor and troubleshoot CoA functionality on the switch:
debug radius
debug aaa coa
debug aaa pod
debug aaa subsys
debug cmdhd [detail | error | events]
show aaa attributes protocol radius

Configuring RADIUS Server Load Balancing

This feature allows access and authentication requests to be evenly across all RADIUS servers in a server
group. For more information, see the “RADIUS Server Load Bala ncing” chapter of the “Cisco IOS
Security Configuration Guide”, Release 12.2:
http://www.ciscosystems.com/en/US/docs/ios/12_2sb/feature/guide/sbrdldbl.html

Displaying the RADIUS Configuration

To display the RADIUS configuration, use the show running-config privileged EXEC command.
Configuring the Switch for Local Authentication and Authorization
You can configure AAA to operate without a server by setting the switch to implement AAA in local
mode. The switch then handles authentication and authorization. No accounting is available in this
configuration.
Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA:
Step 13 show running-config Verify your entries.
Step 14 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 aaa new-model Enable AAA.
Step 3 aaa authentication login default
local
Set the login authentication to use the local username database. The default
keyword applies the local user database authentication to all ports.