C613-50631-01 Rev A Command Reference for IE340 Series 2366
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
AAA COMMANDS
AAA AUTHENTICATION LOGIN
local is the default state for the default method list unless a named method list is
applied to that line by the login authentication command. You can reset it to the
default method list using the no aaa authentication login default command.
Mode Global Configuration
Usage notes When a user attempts to log in, the switch sends an authentication request to the
first authentication server in the method list. If the first server in the list is reachable
and it contains a username and password matching the authentication request,
the user is authenticated and the login succeeds. If the authentication server
denies the authentication request because of an incorrect username or password,
the user login fails. If the first server in the method list is unreachable, the switch
sends the request to the next server in the list, and so on.
For example, if the method list specifies group tacacs+ local, and a user attempts
to log in with a password that does not match a user entry in the first TACACS+
server, and that TACACS+ server denies the authentication request, then the switch
does not try any other TACACS+ servers or the local user database; the user login
fails.
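The fall-through rule described above, modelled as an added Python example (not code from the AlliedWare Plus documentation or product). The server names, user tables and passwords are constructed sample data, and the function names are hypothetical; the local user database is assumed to be always reachable.

```python
from enum import Enum

class Reply(Enum):
    ACCEPT = 1
    DENY = 2
    UNREACHABLE = 3

# Constructed sample data: one TACACS+ user table and one local user table.
TACACS_USERS = {"alice": "tacacs-secret"}
LOCAL_USERS = {"admin": "local-secret"}

def method_list(tacacs1_up, tacacs2_up):
    """Expand 'group tacacs+ local' into an ordered list of sources."""
    return [
        {"name": "tacacs1", "up": tacacs1_up, "users": TACACS_USERS},
        {"name": "tacacs2", "up": tacacs2_up, "users": TACACS_USERS},
        {"name": "local", "up": True, "users": LOCAL_USERS},
    ]

def query(source, username, password):
    """One request to one source: no answer if it is down, else accept or deny."""
    if not source["up"]:
        return Reply.UNREACHABLE
    if source["users"].get(username) == password:
        return Reply.ACCEPT
    return Reply.DENY

def authenticate(sources, username, password):
    """Walk the list in order. Only an unreachable source passes the request on;
    the first accept or deny is final. Returns (login_ok, deciding_source)."""
    for source in sources:
        reply = query(source, username, password)
        if reply is not Reply.UNREACHABLE:
            return reply is Reply.ACCEPT, source["name"]
    return False, None

if __name__ == "__main__":
    cases = [
        ("first server up, local credentials", (True, True), "admin", "local-secret"),
        ("first server down, TACACS+ credentials", (False, True), "alice", "tacacs-secret"),
        ("all servers down, local credentials", (False, False), "admin", "local-secret"),
    ]
    for label, (up1, up2), user, pw in cases:
        ok, decided_by = authenticate(method_list(up1, up2), user, pw)
        print(f"{label}: login {'succeeds' if ok else 'fails'} (decided by {decided_by})")
```

In this model the local account is accepted only when every TACACS+ server is unreachable; while any listed server answers, its decision stands.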
Examples To configure the default authentication method list for user login to first use all
available RADIUS servers for user login authentication, and then use the local user
database, use the following commands:
awplus# configure terminal
awplus(config)# aaa authentication login default group radius local
To configure the default authentication method list for user login to first use all
available LDAP servers for user login authentication, and then use the local user
database, use the following commands:
awplus# configure terminal
awplus(config)# aaa authentication login default group ldap local
To configure a user login authentication method list called ‘USERS’ to first use the
RADIUS server group ‘RAD_GROUP1’ for user login authentication, and then use
the local user database, use the following commands:
awplus# configure terminal
awplus(config)# aaa authentication login USERS group RAD_GROUP1 local
To configure a user login authentication method list called ‘USERS’ to first use the
TACACS+ servers for user login authentication, and then use the local user
database, use the following commands:
awplus# configure terminal
awplus(config)# aaa authentication login USERS group tacacs+ local