Local authentication process (TACACS+)
"Local" is the authentication option for the access method being used.
TACACS+ is the primary authentication mode for the access method being used. Local is the secondary authentication method if the switch is unable to connect to any TACACS+ servers.
For a listing of authentication options, see Configuring the switch TACACS+ server access.
If the operator at the requesting terminal correctly enters the username/password pair for either access level, access is granted.
If the username/password pair entered at the requesting terminal does not match either username/password pair previously configured locally in the switch, access is denied. In this case, the terminal is again prompted to enter a username/password pair. In the default configuration, the switch allows up to three attempts. If the requesting terminal exhausts the attempt limit without a successful authentication, the login session is terminated and the operator at the requesting terminal must initiate a new session before trying again.
The switch menu allows you to configure only the local operator and manager passwords, and not any usernames. In this case, all prompts for local authentication will request only a local password. However, if you use the CLI or the WebAgent to configure usernames for local access, you will see a prompt for both a local username and a local password during local authentication.