Chapter 27
Configuring Switch Access Using AAA
Setting Authentication Login Attempts for Privileged Mode
To set up login authentication for privileged mode, perform this task in privileged mode:
Step 1
Task: Enable login attempt for privileged mode. Use the console or telnet keywords if you want to enable local authentication only for the console port or for Telnet connection attempts.
Command: set authentication enable attempt {count} [console | telnet]

Step 2
Task: Enable login lockout time for privileged mode. Use the console or telnet keywords if you want to enable local authentication only for the console port or for Telnet connection attempts.
Command: set authentication enable lockout {time} [console | telnet]

Step 3
Task: Verify the local authentication configuration.
Command: show authentication

This example shows how to limit enable mode login attempts to 5, set the enable mode lockout time for both console and Telnet connections to 50 seconds, and verify the configuration:

Console> (enable) set authentication enable attempt 5
Enable mode authentication attempts for console and telnet logins set to 5.
Console> (enable) set authentication enable lockout 50
Enable mode lockout time for console and telnet logins set to 50.
Console> (enable) show authentication
Login Authentication:  Console Session   Telnet Session    Http Session
---------------------  ----------------  ----------------  ----------------
tacacs                 disabled          disabled          disabled
radius                 disabled          disabled          disabled
kerberos               disabled          disabled          disabled
local                  enabled(primary)  enabled(primary)  enabled(primary)
attempt limit          5                 5                 -
lockout timeout (sec)  50                50                -

Enable Authentication: Console Session   Telnet Session    Http Session
---------------------- ----------------  ----------------  ----------------
tacacs                 disabled          disabled          disabled
radius                 disabled          disabled          disabled
kerberos               disabled          disabled          disabled
local                  enabled(primary)  enabled(primary)  enabled(primary)
attempt limit          5                 5                 -
lockout timeout (sec)  50                50                -
Console> (enable)

Configuring Local Authentication
These sections describe how to configure local authentication on the switch:
• Enabling Local Authentication, page 27-14
• Setting the Login Password, page 27-14
• Setting the Enable Password, page 27-15
• Disabling Local Authentication, page 27-15
• Recovering a Lost Password, page 27-16

Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
78-12647-02
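The show authentication output in the enable mode example on this page can be checked with a script when the same verification is repeated across many switches. The following Python is an added example, not part of the original guide: it parses that output and lists every session type for which no attempt limit or lockout timeout is shown. The names ROWS, SAMPLE, parse and audit are hypothetical, and reading "-" as "no value in effect for that session type" is an assumption.

```python
import re

ROWS = ("tacacs", "radius", "kerberos", "local", "attempt limit", "lockout timeout (sec)")

# Constructed sample: the `show authentication` output from the example on this page.
SAMPLE = """\
Login Authentication:  Console Session   Telnet Session    Http Session
---------------------  ----------------  ----------------  ----------------
tacacs                 disabled          disabled          disabled
radius                 disabled          disabled          disabled
kerberos               disabled          disabled          disabled
local                  enabled(primary)  enabled(primary)  enabled(primary)
attempt limit          5                 5                 -
lockout timeout (sec)  50                50                -

Enable Authentication: Console Session   Telnet Session    Http Session
---------------------- ----------------  ----------------  ----------------
tacacs                 disabled          disabled          disabled
radius                 disabled          disabled          disabled
kerberos               disabled          disabled          disabled
local                  enabled(primary)  enabled(primary)  enabled(primary)
attempt limit          5                 5                 -
lockout timeout (sec)  50                50                -
"""

def parse(text):
    """Return {mode: {session: {row label: value}}} for the Login and Enable blocks."""
    result, mode, sessions = {}, None, []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(\w+) Authentication:(.*)", line)
        if m:  # block header: remember the mode and its session columns
            mode, sessions = m.group(1), re.findall(r"(\w+) Session", m.group(2))
            result[mode] = {s: {} for s in sessions}
        for label in ROWS:
            if mode and line.startswith(label):
                for s, v in zip(sessions, line[len(label):].split()):
                    result[mode][s][label] = v
    return result

def audit(parsed):
    """List (mode, session, row) where no numeric limit is shown (assumption: '-' = none)."""
    return [(mode, session, label)
            for mode, sessions in parsed.items()
            for session, rows in sessions.items()
            for label in ROWS[4:]
            if not rows.get(label, "-").isdigit()]

for mode, session, label in audit(parse(SAMPLE)):
    print(f"{mode} authentication, {session} session: no {label} shown")
```

On the sample, only the Http session column is reported, which matches the set authentication enable commands accepting only the console and telnet keywords.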