7-24
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 7 Administering the Switch
Controlling Switch Access with RADIUS
Command Purpose
Step 1 configure terminal Enter globa l configurati on mode.
Step 2 aaa new-model Enable AAA.
Step 3 aaa authent ication logi n {default |
list-name} method1 [method2...]Create a logi n authen ticatio n method list .
To create a default list that is used when a named list is not specified
in t he lo gin aut hent ica tion co mmand, use the default keyword
followed by the meth ods that are to b e u sed i n def au lt situ ations. The
default method list is automatically applied to all interfaces.
For list-name, specify a character string to name the list you are
crea tin g .
For method1..., specify the actual method the authentication
algorithm tries. The additional methods of authentication are used
only if the previous method returns an error, not if it fails.
Select one of these me thods:
enableUse the e nable passwor d for authen tication. Before you
can use this au then ticatio n meth od, you must define an enable
password by using t he en abl e password globa l c onfigura tion
command.
group radiusU se RADIUS authen tication. Before y ou can use
this aut hent ica tion me thod , you mu st configu re th e R ADI US
server. For more information, see the Identifying the RADIUS
Ser ver H o st section on page 7-20.
lineUse the line password for authentication. Before you can
use this authen tication meth od, you must def ine a line passwo rd.
Use th e password password line configurat ion comm and.
localU se th e loca l user name d ataba se for au th entic atio n. You
must enter username information in the database. Use the
username name password globa l c onfiguratio n c omma nd .
local-caseUse a case-sensitive local username database for
authentication. You must enter username information in the
database by using the username password glo bal configurat ion
command.
noneDo no t use any authentica tion for logi n.
Step 4 line [console | tty | vty] line-number
[ending-line-number]Enter line configuration mode, and configure the lines to which you want
to apply the authentication list.
Step 5 login aut hent ica tion {default |
list-name}Apply the authentication list to a line or set of lines.
If you speci fy default, use the default list created with the aaa
authenti catio n login co mman d.
For list-name, specify the list created with the aaa authenticat ion
login command.
Step 6 end Return to privileged EXEC mode.
Step 7 show running-config Ve rify yo ur ent rie s.
Step 8 copy running-config startup-config (Optiona l) Save your entries in the co nfigurati on file.