9-45
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter9 Configuring Switch-Based Authentication
Configuring the Switch for Secure Shell
To disable AAA, use the no aaa new-model global configuration command. To disable authorization,
use the no aaa authorization {network | exec} method1 global configuration command.
Note To secure the switch for HTTP access by using AAA methods, you must configure the switch with the
ip http authentication aaa global configuration command. Configuring AAA authentication does not
secure the switch for HTTP access by using AAA methods.
For more information about the ip http authentication command, see the Cisco IOS Security Command
Reference, Release 12.2.
Configuring the Switch for Secure Shell
This section describes how to configure the Secure Shell (SSH) feature. To use this feature, you must
install the cryptographic (encrypted) software image on your switch. You must obtain authorization to
use this feature and to download the cryptographic software files from Cisco.com. For more information,
see the release notes for this release.
These sections contain this information:
Understanding SSH, page 9-46
Configuring SSH, page9-47
Step3 aaa authentication login default
local
Set the login authentication to use the local username database. The default
keyword applies the local user database authentication to all ports.
Step4 aaa authorization exec local Configure user AAA authorization, check the local database, and allow the
user to run an EXEC shell.
Step5 aaa authorization network local Configure user AAA authorization for all network-related service requests.
Step6 username name [privilege level]
{password encryption-type
password}
Enter the local database, and establish a username-based authentication
system.
Repeat this command for each user.
For name, specify the user ID as one word. Spaces and quotation marks
are not allowed.
(Optional) For level, specify the privilege level the user has after gaining
access. The range is 0 to 15. Level 15 gives privileged EXEC mode
access. Level 0 gives user EXEC mode access.
For encryption-type, enter 0 to specify that an unencrypted password
follows. Enter 7 to specify that a hidden password follows.
For password, specify the password the user must enter to gain access to
the switch. The password must be from 1 to 25 characters, can contain
embedded spaces, and must be the last option specified in the username
command.
Step7 end Return to privileged EXEC mode.
Step8 show running-config Verify your entries.
Step9 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose