Cisco Cisco IOS Software Release 12.4(2)XB6 Technical Reference
OL-14681-01
Chapter Command Reference
aaa authentication
Usage Guidelines
The method argument identifies the list of methods that the authentication algorithm tries in the given
sequence to validate the password provided by the client. The only method that is truly
802.1X-compliant is the group radius method, in which the client data is validated against a RADIUS
authentication server. The remaining methods enable AAA to authenticate the client by using locally
configured data. For example, the local and local-case methods use the username and password that are
saved in the Cisco IOS configuration file. The enable and line methods use the enable and line
passwords for authentication.
If you specify group radius, you must configure the RADIUS server by entering the radius-server host
global configuration command. If you are not using a RADIUS server, you can use the local or
local-case methods, which access the local username database to perform authentication. By specifying
the enable or line methods, you can supply the clients with a password to provide access to the switch.
Use the show running-config privileged EXEC command to display the configured lists of
authentication methods.
Examples
The following example shows how to create an authentication list. This authentication first tries to
contact a RADIUS server. If this action returns an error, the user is allowed access with no
authentication:
service wimax agw
aaa new-model
!
!
aaa authentication dot1x agw group radius
aaa authorization network default group radius
aaa accounting update periodic 1
aaa accounting network agw start-stop group radius
!
!
aaa session-id unique
clock timezone PST -8
clock calendar-valid
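An added example, not part of the Cisco documentation: a small Python audit of aaa authentication dot1x method lists against the points in the usage guidelines above (group radius needs a radius-server host line, enable and line rely on one shared password, local and local-case need entries in the local username database). It also flags the none method, a real IOS keyword that does not appear in the configuration on this page and that produces the access-with-no-authentication fallback the example text describes. The function name, finding labels and second sample configuration are assumptions made for illustration.

```python
import re

SHARED_PASSWORD = {"enable", "line"}   # one password shared by every client
LOCAL_DB = {"local", "local-case"}     # usernames stored in the IOS configuration

def audit_dot1x_lists(config):
    """Return {list_name: [findings]} for every 'aaa authentication dot1x' line."""
    lines = [ln.strip() for ln in config.splitlines()]
    has_radius_host = any(ln.startswith("radius-server host ") for ln in lines)
    has_username = any(ln.startswith("username ") for ln in lines)
    report = {}
    for ln in lines:
        m = re.match(r"aaa authentication dot1x (\S+)\s+(.+)$", ln)
        if not m:
            continue
        # "group radius" is one method made of two words; the rest are single words.
        methods = re.findall(r"group \S+|\S+", m.group(2))
        found = []
        if "group radius" not in methods:
            found.append("no-802.1x-compliant-method")
        elif not has_radius_host:
            found.append("radius-server-host-missing")
        if "none" in methods:
            found.append("fail-open")          # access granted if earlier methods error out
        if SHARED_PASSWORD & set(methods):
            found.append("shared-password")
        if LOCAL_DB & set(methods) and not has_username:
            found.append("local-db-empty")
        report[m.group(1)] = found
    return report

# Excerpt of the configuration shown on this page (it contains no radius-server host line).
PAGE_EXAMPLE = """\
aaa new-model
aaa authentication dot1x agw group radius
aaa authorization network default group radius
"""

# Constructed sample: 192.0.2.10 is a documentation address, the list names are made up.
CONSTRUCTED = """\
aaa new-model
radius-server host 192.0.2.10
aaa authentication dot1x default group radius none
aaa authentication dot1x lab local enable
"""

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_EXAMPLE), ("constructed", CONSTRUCTED)):
        for name, found in audit_dot1x_lists(cfg).items():
            print(label, name, found or ["ok"])
```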
Release        Modification
12.2(33)SRA    This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX         This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(15)XL     This command was integrated into Cisco IOS Release 12.5(15)YX.
Related Commands
Command                     Description
debug dot1x                 Displays 802.1X debugging information.
identity profile default    Creates an identity profile and enters dot1x profile configuration mode.
show dot1x                  Displays details for an identity profile.
show dot1x (EtherSwitch)    Displays 802.1X statistics, administrative status, and operational status for the switch or for the specified interface.