How To Config Local Authentication Authorization


Configuring Local Authentication and Authorization
• Finding Feature Information
• How to Configure Local Authentication and Authorization
• Monitoring Local Authentication and Authorization

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

How to Configure Local Authentication and Authorization


Configuring the Switch for Local Authentication and Authorization
You can configure AAA to operate without a server by setting the switch to implement AAA in local mode.
The switch then handles authentication and authorization. No accounting is available in this configuration.

Note: To secure the switch for HTTP access by using AAA methods, you must configure the switch with the
ip http authentication aaa global configuration command. Configuring AAA authentication does not secure
the switch for HTTP access by using AAA methods.

Follow these steps to configure AAA to operate without a server by setting the switch to implement AAA in
local mode:

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(3)E (Catalyst 3560-CX and 2960-CX Switches)


SUMMARY STEPS

1. enable
2. configure terminal
3. aaa new-model
4. aaa authentication login default local
5. aaa authorization exec local
6. aaa authorization network local
7. username name [privilege level] {password encryption-type password}
8. end
9. show running-config
10. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Switch# configure terminal

Step 3 aaa new-model Enables AAA.

Example:
Switch(config)# aaa new-model

Step 4 aaa authentication login default local Sets the login authentication to use the local username database.
The default keyword applies the local user database authentication to all ports.

Example:
Switch(config)# aaa authentication login default local

Step 5 aaa authorization exec local Configures user AAA authorization to check the local database and
allow the user to run an EXEC shell.

Example:
Switch(config)# aaa authorization exec local

Step 6 aaa authorization network local Configures user AAA authorization for all network-related service requests.

Example:
Switch(config)# aaa authorization network local

Step 7 username name [privilege level] {password encryption-type password} Enters the local database, and establishes a username-based authentication system.
Repeat this command for each user.
• For name, specify the user ID as one word. Spaces and quotation marks are not allowed.
• (Optional) For level, specify the privilege level the user has after gaining access. The range is 0 to 15.
Level 15 gives privileged EXEC mode access. Level 0 gives user EXEC mode access.
• For encryption-type, enter 0 to specify that an unencrypted password follows. Enter 7 to specify that a
hidden password follows.
• For password, specify the password the user must enter to gain access to the switch. The password must
be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the
username command.

Example:
Switch(config)# username your_user_name privilege 1 password 7 secret567

Step 8 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 9 show running-config Verifies your entries.

Example:
Switch# show running-config

Step 10 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config


Related Topics
SSH Servers, Integrated Clients, and Supported Versions
TACACS+ and Switch Access
RADIUS and Switch Access
Setting Up the Switch to Run SSH
SSH Configuration Guidelines

Monitoring Local Authentication and Authorization


To display Local Authentication and Authorization configuration, use the show running-config privileged
EXEC command.
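
An offline check for the verification in step 9 and the Note above, as an added example (not Cisco's code): it scans a saved show running-config capture for the AAA lines the procedure enters, for ip http authentication aaa when an HTTP server is enabled, and for username entries stored as type 0 or type 7 (type 7 is a reversible encoding, not a hash). The function name, the sample capture and the acceptance of a method-list name such as default before local are assumptions of this example.

```python
import re

# Commands from steps 3-6 of the page. A method-list name such as "default"
# before "local" is accepted (assumption about how the config is displayed).
REQUIRED = {
    "aaa new-model": r"aaa new-model",
    "aaa authentication login default local":
        r"aaa authentication login default local",
    "aaa authorization exec local": r"aaa authorization exec (?:\S+ )?local",
    "aaa authorization network local":
        r"aaa authorization network (?:\S+ )?local",
}
USER_RE = re.compile(r"username (\S+)(?: privilege (\d+))? password (\d) .+")

# Constructed sample capture; the first username line is the page's example.
SAMPLE = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username your_user_name privilege 1 password 7 secret567
username admin privilege 15 password 0 Constructed-Pass
ip http server
"""

def audit_local_aaa(running_config):
    """Return findings for a captured 'show running-config' output."""
    lines = [l.strip() for l in running_config.splitlines() if l.strip()]
    findings = [f"missing: {cmd}" for cmd, pat in REQUIRED.items()
                if not any(re.fullmatch(pat, l) for l in lines)]
    # The page's Note: AAA login settings alone do not cover HTTP access.
    http_on = any(l in ("ip http server", "ip http secure-server") for l in lines)
    if http_on and "ip http authentication aaa" not in lines:
        findings.append("missing: ip http authentication aaa")
    if not any(l.startswith("username ") for l in lines):
        findings.append("no local username entries")
    for m in filter(None, map(USER_RE.fullmatch, lines)):
        name, level, enc = m.groups()
        if enc == "0":
            findings.append(f"user {name}: type 0, password stored unencrypted")
        elif enc == "7":
            findings.append(f"user {name}: type 7, hidden but reversible")
        if level == "15":
            findings.append(f"user {name}: privilege 15, privileged EXEC access")
    return findings

if __name__ == "__main__":
    for finding in audit_local_aaa(SAMPLE):
        print(finding)
```

An empty list means every line from the procedure was found and no username entry uses a type 0 or type 7 password.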
