Filter
Top Products
9-40
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 9 Configuring Switch-Based Authentication
Configuring the Switch for Local Authentication and Authorization
To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server
functionality on the switch, use the no aaa server radius dynamic authorization global configuration
command.
Monitoring and Troubleshooting CoA Functionality
Use these Cisco IOS commands to monitor and troubleshoot CoA functionality on the switch:
• debug radius
• debug aaa coa
• debug aaa pod
• debug aaa subsys
• debug cmdhd [detail | error | events]
• show aaa attributes protocol radius
Configuring RADIUS Server Load Balancing
This feature allows access and authentication requests to be evenly across all RADIUS servers in a server
group. For more information, see the “RADIUS Server Load Balancing” chapter of the “Cisco IOS
Security Configuration Guide”, Release 12.2:
http://www.ciscosystems.com/en/US/docs/ios/12_2sb/feature/guide/sbrdldbl.html
Displaying the RADIUS Configuration
To display the RADIUS configuration, use the show running-config privileged EXEC command.
Configuring the Switch for Local Authentication and
Authorization
You can configure AAA to operate without a server by setting the switch to implement AAA in local
mode. The switch then handles authentication and authorization. No accounting is available in this
configuration.
Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA:
Step 13
show running-config Verify your entries.
Step 14
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
aaa new-model Enable AAA.
Step 3
aaa authentication login default
local
Set the login authentication to use the local username database. The default
keyword applies the local user database authentication to all ports.