CLI Reference Guide
AAA Commands 99
Default Configuration
If the
default
list is not set, only
none
, or no authentication is checked.
Command Mode
Global Configuration mode
User Guidelines
The default and optional list names created with the
aaa authentication login
command are
used with the
login authentication
command. Create a list by entering the
aaa
authentication login
list-name method
command for a particular protocol, where
list-name
is
any character string used to name this list. The
method
argument identifies the list of
methods that the authentication algorithm tries, in the given sequence.
The additional methods of authentication are used only if the previous method returns an
error, not if there is an authentication failure. To ensure that the authentication succeeds
even if all methods return an error, specify
none
as the final method in the command line. For
example, if
none
is specified as an authentication method after
radius
, no authentication is
used if the RADIUS server is down.
Example
The following example configures authentication login.
console(config)# aaa authentication login default radius local
enable none
enable authentication
Use the
enable authentication
command in Line Configuration mode to specify the
authentication method list when accessing a higher privilege level from a remote telnet or console.
To return to the default specified by the
enable authentication
command, use the
no
form of this
command.
Syntax
enable authentication
{
default
|
list-name
}
no enable authentication
•
default
—Uses the default list created with the
aaa authentication enable
command.
•
list-name
—Uses the indicated list created with the
aaaa authentication enable
command.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.