Configuring Authentication, Authorization, and Accounting 211AuthenticationAuthentication is the process of validating a user's identity. During theauthentication process, only identity validation is done. There is nodetermination made of which switch services the user is allowed to access.This is true even when RADIUS is used for authentication; RADIUS cannotperform separate transactions for authentication and authorization. However,the RADIUS server can provide attributes during the authentication processthat are used in the authorization process.Authentication TypesThere are three types of authentication:• Login— Login authentication grants access to the switch if the usercredentials are validated. Access is granted only at privilege level one.• Enable—Enable authentication grants access to a higher privilege level ifthe user credentials are validated for the higher privilege level. WhenRADIUS is used for enable authentication, the username for this request isalways $enab15$. The username used to log into the switch is not used forRADIUS enable authentication.• Dot1x—Dot1x authentication is used to grant an 802.1X supplicant accessto the network. For more information about 802.1X, see "Configuring Portand System Security" on page 503 .Table 10-2 shows the valid methods for each type of authentication:Table 10-2. Valid Methods for Authentication TypesMethod Login Enable Dot1xenable yes yes noias no no yesline yes yes nolocal yes no nonone yes yes yesradius yes yes yestacacs yes yes no