960 Command Reference for x230 Series Edge Switches C613-50055-01 REV A
AlliedWare Plusâ„¢ Operating System - Version 5.4.5-0.x
AAA COMMANDS
AAA
AUTHENTICATION ENABLE DEFAULT GROUP TACACS+
aaa authentication enable default group
tacacs+
Overview This command enables AAA authentication to determine the privilege level a user
can access for passwords authenticated against the TACACS+ server.
Use the no variant of this command to disable privilege level authentication.
Syntax
aaa authentication enable default group tacacs+ [local] [none]
no aaa authentication enable default
Default Local privilege level authentication is enabled by default (aaa authentication
enable default local command).
Mode Global Configuration
Usage A user is configured on a TACACS+ server with a maximum privilege level. When
they enter the enable (Privileged Exec mode) command they are prompted for an
enable password which is authenticated against the TACACS+ server. If the
password is correct and the specified privilege level is equal to or less than the
users maximum privilege level, then they are granted access to that level. If the
user attempts to access a privilege level that is higher than their maximum
configured privilege level, then the authentication session will fail and they will
remain at their current privilege level.
NOTE: If both local and none are specified, you must always specify local first.
If the TACACS+ server goes offline, or is not reachable during enable password
authentication, and command level authentication is configured as:
• aaa authentication enable default group tacacs+
then the user is never granted access to Privileged Exec mode.
• aaa authentication enable default group tacacs+ local
then the user is authenticated using the locally configured enable password,
which if entered correctly grants the user access to Privileged Exec mode. If
no enable password is locally configured (enable password command),
then the enable authentication will fail until the TACACS+ server becomes
available again.
Parameter Description
local Use the locally configured enable password ( enable password
command) for authentication.
none No authentication.
To Next Page
Loading...
Need help?
General
