RADIUS Authentication and Accounting
Local Authentication Process
Local Authentication ProcessWhen the switch is configured to use RADIUS, it reverts to local authentication only if one of these two conditions exists:
■“Local” is the authentication option for the access method being used.
■The switch has been configured to query one or more RADIUS servers for a primary authentication request, but has not received a response, and local is the configured secondary option.
For local authentication, the switch uses the
■If the operator at the requesting terminal correctly enters the user- name/password pair for either access level (Operator or Manager), access is granted on the basis of which username/password pair was used. For example, suppose you configure Telnet primary access for RADIUS and Telnet secondary access for local. If a RADIUS access attempt fails, then you can still get access to either the Operator or Manager level of the switch by entering the correct username/pass- word pair for the level you want to enter.
■If the username/password pair entered at the requesting terminal does not match either local username/password pair previously configured in the switch, access is denied. In this case, the terminal is again prompted to enter a username/password pair. In the default configu- ration, the switch allows up to three attempts. If the requesting terminal exhausts the attempt limit without a successful authentica- tion, the login session is terminated and the operator at the requesting terminal must initiate a new session before trying again.