Select Authentication List
Use the Select
Authentication List Configuration page to associate an authentication list
with each CLI-based access method (console, Telnet, and SSH). Each access method has the
following two authentication lists associated with it:
- Login – The
authentication list to use for User EXEC-level management access to the CLI. Access at
this level has a limited number of CLI commands available to view or configure the
system. The options available in this menu include the default Login authentication
lists as well as any user-configured Login lists.
- Enable – The
authentication list to use for Privileged EXEC-level management access to the CLI. In
Privileged EXEC mode, read-write users have access to all CLI commands. The options
available in this menu include the default Enable authentication lists as well as any
user-configured Enable lists.
To access this page,
click in the navigation menu.
Select Authentication List Fields shows the fields for
this page.
Select Authentication List Fields
Field |
Description |
Console |
The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a connection to the console port. |
Telnet |
The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a Telnet session. |
Secure Telnet (SSH) |
The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a secure shell (SSH) session. |
List Name |
The name of the authentication list. This field can be configured only when adding a new authentication list. |
Access Type |
The way the user accesses the system. This field can be configured only when adding a new authentication list, and only the Login and Enable access types can be selected. The access types are as follows:
- Login: User EXEC-level management access to
the command-line interface (CLI) by using a console connection or a
telnet or SSH session. Access at this level has a limited number of CLI
commands available to view or configure the system.
- Enable: Privileged EXEC-level management
access to the CLI by using a console connection or a telnet or SSH
session. In Privileged EXEC mode, read-write users have access to all CLI
commands.
- HTTP: Management-level access to the web-based
user interface by using HTTP.
- HTTPS: Management-level access to the
web-based user interface by using secure HTTP.
- Dot1x: Port-based access to the network
through a switch port that is controlled by IEEE 802.1X.
|
Method Options |
The method(s) used to authenticate a user who attempts to access the management interface or network. The possible methods are as follows:
- Enable: Uses the locally configured Enable
password to verify the user's credentials.
- Line: Uses the locally configured Line
password to verify the user's credentials.
- Local: Uses the ID and password in the Local
User database to verify the user's credentials.
- RADIUS: Sends the user's ID and password to
the configured RADIUS (Remote Authentication Dial In User Service) server to verify the
user's credentials.
- TACACS+: Sends the user's ID and password to
the configured TACACS+ server to verify the user's credentials.
- None: No authentication is used.
- IAS: Uses the local Internal Authentication
Server (IAS) database for 802.1X port-based authentication.
|
List Type |
The type of list, which is one of the following:
- Default: The list is preconfigured on the
system. This type of list cannot be deleted, and only the Method Options
are configurable.
- Configured: The list has been added by a
user.
|
Access Line |
The access method(s) that use the list for authentication. The settings for this field are configured on the Authentication Selection page. |
If you change any of the
parameters, click Submit to
apply the changes to the system. If you want the switch to retain the new values across a
power cycle, you must save the configuration.