Configuring Authentication
Configuring Login Authentication
These sections describe how to configure login authentication on the switch:
•
•
Setting Authentication Login Attempts on the Switch
To set up login authentication on the switch, perform this task in privileged mode:
Task
Step 1
Enable login attempt on the switch. Use the
console or telnet keywords if you want to enable
local authentication only for the console port or
for Telnet connection attempts.
Step 2
Enable login lockout time on the switch. Use the
console or telnet keywords if you want to enable
local authentication only for the console port or
for Telnet connection attempts.
Step 3
Verify the local authentication configuration.
This example shows how to limit login attempts to 5, set the lockout time for both console and Telnet
connections to 50 seconds, and verify the configuration:
Console> (enable) set authentication login attempt 5
Login authentication attempts for console and telnet logins set to 5.
Console> (enable) set authentication login lockout 50
Login lockout time for console and telnet logins set to 50.
Console> (enable) show authentication
Login Authentication:
---------------------
tacacs
radius
kerberos
local
attempt limit
lockout timeout (sec)
Enable Authentication: Console Session
---------------------- ----------------- ----------------
tacacs
radius
kerberos
local
attempt limit
lockout timeout (sec)
Console> (enable)
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
27-12
Setting Authentication Login Attempts on the Switch, page 27-12
Setting Authentication Login Attempts for Privileged Mode, page 27-13
Console Session
----------------
disabled
disabled
disabled
enabled(primary)
5
50
disabled
disabled
disabled
enabled(primary)
3
disabled
Chapter 27
Configuring Switch Access Using AAA
Command
set authentication login attempt {count}
[console | telnet]
set authentication login lockout {time}
[console | telnet]
show authentication
Telnet Session
Http Session
----------------
----------------
disabled
disabled
disabled
disabled
disabled
disabled
enabled(primary)
enabled(primary)
5
-
50
-
Telnet Session
Http Session
----------------
disabled
disabled
disabled
disabled
disabled
disabled
enabled(primary)
enabled(primary)
3
-
disabled
-
78-12647-02