4 authentication securityip – PLANET XGS3-24040 User Manual

XGS3 Command Guide

1-58

Usage Guide:

The authentication method for Console, VTY and Web login can be configured respectively. And authentication

method can be any one or combination of Local, RADIUS or TACACS. When login method is configuration in

combination, the preference goes from left to right. If the users have passed the authentication method,

authentication method of lower preferences will be ignored. To be mentioned, if the user receives correspond

protocol’s answer whether refuse or incept, it will not attempt the next authentication method (Exception: if the local

authentication method failed, it will attempt the next authentication method); it will attempt the next authentication

method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS

configuration method can be used. And TACACS server should be configured before the TACACS configuration

method can be used.

The authentication line console login command is exclusive with the “login” command. The authentication line

console login command configures the switch to use the Console login method. And the login command makes the

Console login to use the passwords configured by the password command for authentication.

If local authentication is configured while no local users are configured, users will be able to login the switch via the

Console method.

Example:

Configure the remote login authentication mode to radius.

Switch(config)#authentication login radius

Relative Command:

aaa enable, radius-server authentication host, tacacs-server authentication host, tacacs-server key

1.2.4 authentication securityip

Command:

authentication securityip <ip

no authentication securityip <ip-addr>

Function:

To configure the trusted IP address for Telnet and HTTP login method. The no form of this command will remove the

trusted IP address configuration.

Parameters:

<ip-addr> is the trusted IP address of the client in dotted decimal format which can login the switch.

Default:

No trusted IP address is configured by default.

Command Mode:

Global Mode.

Usage Guide:

IP address of the client which can login the switch is not restricted before the trusted IP address is not configured.

After the trusted IP address is configured, only clients with trusted IP addresses are able to login the switch. Up to 32

trusted IP addresses can be configured in the switch.

Example:

To configure 192.168.1.21 as the trusted IP address.

Switch(config)# authentication securityip 192.168.1.21