Configuring Authentication, Authorization, and Accounting 177• The ias method is a special method that is only used for 802.1X. It uses aninternal database (separate from the local user database) that acts like an802.1X authentication server. This method never returns an error. It willalways pass or deny a user.• The line method uses the password for the access line on which the user isaccessing the switch. If there is no line password defined for the accessline, then the line method will return an error.• The local method uses the local user database. If the user password doesnot match, then access is denied. This method returns an error if the username is not present in the local user database.• The none method does not perform any service, but instead always returnsa result as if the service had succeeded. This method never returns an error.• The radius and tacacs methods communicate with servers running theRADIUS and TACACS+ protocols, respectively. These methods canreturn an error if the switch is unable to contact the server.Access LinesThere are five access lines: console, telnet, SSH, HTTP, and HTTPS. HTTPand HTTPS are not configured using AAA method lists. Instead, theauthentication list for HTTP and HTTPS is configured directly(authorization and accounting are not supported). The default method listsfor both the HTTP and HTTPS access lines consist of only the local method.Each of the other access lines may be assigned method lists independently forthe AAA services.AuthenticationAuthentication is the process of validating a user's identity. During theauthentication process, only identity validation is done. There is nodetermination made of which switch services the user is allowed to access.This is true even when RADIUS is used for authentication; RADIUS cannotperform separate transactions for authentication and authorization. However,the RADIUS server can provide attributes during the authentication processthat are used in the authorization process.There are three types of authentication: