C613-50631-01 Rev A Command Reference for IE340 Series 2362
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
AAA COMMANDS
AAA AUTHENTICATION ENABLE DEFAULT GROUP TACACS+
aaa authentication enable default group tacacs+
Overview This command enables privilege level authentication against a TACACS+ server.
Use the no variant of this command to disable privilege level authentication.
TACACS+ is not available in Secure Mode (see the crypto secure-mode command).
Syntax
aaa authentication enable default group tacacs+ [local] [none]
no aaa authentication enable default
Default Local privilege level authentication is enabled by default (aaa authentication
enable default local command).
Mode Global Configuration
Usage notes A user is configured on a TACACS+ server with a maximum privilege level. When
they enter the enable (Privileged Exec mode) command they are prompted for an
enable password which is authenticated against the TACACS+ server. If the
password is correct and the specified privilege level is equal to or less than the
user's maximum privilege level, then they are granted access to that level. If the
user attempts to access a privilege level that is higher than their maximum
configured privilege level, then the authentication session will fail and they will
remain at their current privilege level.
NOTE: If both local and none are specified, you must always specify local first.
If the TACACS+ server goes offline, or is not reachable during enable password
authentication, and command level authentication is configured as:
• aaa authentication enable default group tacacs+
then the user is never granted access to Privileged Exec mode.
• aaa authentication enable default group tacacs+ local
then the user is authenticated using the locally configured enable password,
which if entered correctly grants the user access to Privileged Exec mode. If
no enable password is locally configured (enable password command),
then the enable authentication will fail until the TACACS+ server becomes
available again.
Parameter   Description
local       Use the locally configured enable password (enable password command) for authentication.
none        No authentication.
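The fallback behaviour described in the usage notes can be checked against a saved configuration. The following Python script is an added example, not part of the Allied Telesis reference. It assumes the configuration is available as text and that a configured enable password is stored as a line beginning with enable password; the finding labels are hypothetical names.

```python
"""Added example: audit enable-authentication fallback in an AlliedWare Plus config."""
import re

ENABLE_AUTH = re.compile(r"^aaa authentication enable default\s+(.+)$")

# Hypothetical finding labels mapped to the behaviour the usage notes describe.
FINDINGS = {
    "no-fallback": "TACACS+ unreachable: user is never granted Privileged Exec mode",
    "local-fallback-unusable": "TACACS+ unreachable and no local enable password: "
                               "enable authentication fails until the server returns",
    "none-fallback": "method list includes 'none' (No authentication)",
}

def enable_methods(config):
    """Return the configured method list; the documented default is local."""
    methods = ["local"]
    for line in config.splitlines():
        match = ENABLE_AUTH.match(line.strip())
        if match:
            methods = [tok for tok in match.group(1).split() if tok != "group"]
    return methods

def has_enable_password(config):
    # Assumption: a configured enable password is stored as a line that
    # starts with "enable password".
    return any(l.strip().startswith("enable password") for l in config.splitlines())

def audit(config):
    """Return the finding labels that apply to this configuration text."""
    methods = enable_methods(config)
    found = []
    if methods == ["tacacs+"]:
        found.append("no-fallback")
    if methods == ["tacacs+", "local"] and not has_enable_password(config):
        found.append("local-fallback-unusable")
    if "none" in methods:
        found.append("none-fallback")
    return found

# Constructed sample configuration (the hash is a placeholder, not real output).
SAMPLE = """\
enable password 8 PLACEHOLDER-HASH
aaa authentication enable default group tacacs+ local none
"""

if __name__ == "__main__":
    for label in audit(SAMPLE):
        print(f"{label}: {FINDINGS[label]}")
```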