Configuring Authentication
To disable local authentication on the switch, perform this task in privileged mode:
Task
Step 1
Disable local login authentication. Use the
console or telnet keywords to disable local
authentication only for console or Telnet
connection attempts.
Step 2
Disable local enable authentication. Use the
console or telnet keywords to disable local
authentication only for console or Telnet
connection attempts.
Step 3
Verify the local authentication configuration.
This example shows how to disable local login and enable authentication for both console and Telnet
connections, and how to verify the configuration (you must have RADIUS or TACACS+ authentication
enabled before you disable local authentication):
Console> (enable) set authentication login local disable
local login authentication set to disable for console and telnet session.
Console> (enable) set authentication enable local disable
local enable authentication set to disable for console and telnet session.
Console> (enable) show authentication
Login Authentication:
---------------------
tacacs
radius
kerberos
local
Enable Authentication: Console Session
---------------------- ----------------- ----------------
tacacs
radius
kerberos
local
Console> (enable)
Recovering a Lost Password
To recover a lost local authentication password, perform this procedure. You must complete Steps 3
to 7 within 30 seconds of a power cycle or the recovery will fail. If you lost both the login and enable
passwords, repeat the process for each password.
Step 1
Connect to the switch through the supervisor engine console port. You cannot recover the password if
you are connected through a Telnet connection.
Step 2
Enter the reset system command to reboot the switch.
Step 3
At the "Enter Password" prompt, press Return. The login password is null for 30 seconds when you are
connected to the console port.
Step 4
Enter privileged mode using the enable command.
Step 5
At the "Enter Password" prompt, press Return. The enable password is null for 30 seconds when you
are connected to the console port.
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
27-16
Command
set authentication login local disable [all |
console | http | telnet]
set authentication enable local disable [all |
console | http | telnet]
show authentication
Console Session
Telnet Session
----------------
----------------
disabled
disabled
enabled(primary)
enabled(primary)
disabled
disabled
disabled
disabled
Telnet Session
disabled
disabled
enabled(primary)
enabled(primary)
disabled
disabled
disabled
disabled
Chapter 27
Configuring Switch Access Using AAA
78-12647-02