4.10.1.3 Security Switch Authentication Method Configuration

This section describes the security switch authentication method configuration, as shown in the following figure.

Figure 4-29. Authentication Method Configuration

The list of the parameters is as follows:

  • Authentication Method Configuration Help: The authentication section allows you to configure how you are authenticated when you log into the switch through one of the management clients’ interfaces. The table has one row for each client type and several columns, which are:
    • Client: The management client for which the configuration is applied; console, telnet, ssh, and HTTP.
    • Methods: Method can be set to one of the following values:
      • No: Command authorization is disabled. User is granted access to CLI commands according to his privilege level.
      • TACACS: Use remote TACACS+ server(s) for command authorization. If all remote servers are offline, you are granted access to CLI commands according to his privilege level.
  • Command Authorization Method Configuration Help: The command authorization section allows you to limit the CLI commands available to a user. The table has one row for each client type and several columns, which are:
    • Client: The management client for which the configuration is applied
    • Method: Method can be set to one of the following values:
      • No: Command authorization is disabled. User is granted access to CLI commands according to his privilege level
      • TACACS: Use remote TACACS+ server(s) for command authorization. If all remote servers are offline, the user is granted access to CLI commands according to his privilege level.
    • Cmd Lvl: Authorize all commands with a privilege level higher than or equal to this level. Valid values are in the range 0 to 15.
    • Cfg Cmd: Also authorize configuration commands
  • Accounting Method Configuration Help: The accounting section allows you to configure command and exec (login) accounting. The table has one row for each client type and several columns, which are:
    • Client: The management client for which the configuration is applied
    • Method: Method can be set to one of the following values:
      • No: Accounting is disabled
      • TACACS: Use remote TACACS+ server (s) for accounting
    • Cmd Lvl: Enable accounting of all commands with a privilege level higher than or equal to this level. Valid values are in the range 0 to 15. Leave the field empty to disable command accounting.
    • Exec: Enable exec (login) accounting