Configuring the switch authentication methods
The
aaa authentication
command
configures access control for the following access methods: Console
Telnet
SSH
Web
Port-access (802.1X)
However, TACACS+ authentication is only used with the console, Telnet, or SSH access methods. The command specifies whether to use a TACACS+ server or the switch local authentication, or (for some secondary scenarios) no authentication. This means that if the primary method fails, authentication is denied. The command also reconfigures the number of access attempts to allow in a session if the first attempt uses an incorrect username/password pair.