Security | 477
Configure AAA Authentication Login Methods
To configure an authentication method and method list, use these commands in the following sequence in
CONFIGURATION mode:
To view the configuration, use the show config command in LINE mode or the show running-config command
in EXEC Privilege mode.
You can create multiple method lists and assign them to different terminal lines.
Step Command Syntax Command Mode Purpose
1
aaa authentication login
{method-list-name | default} method1
[...method4]
CONFIGURATION Define an authentication method-list
(method-list-name) or specify the default.
The default method-list is applied to all
terminal lines.
Possible methods are:
•
enable—use the password defined by the
enable secret or enable password
command in CONFIGURATION mode.
•
line—use the password defined by the
password command in LINE mode.
• local—use the username/password
database defined in the local
configuration.
• none—no authentication.
• radius—use the RADIUS server(s)
configured with the radius-server host
command.
• tacacs+—use the TACACS+ server(s)
configured with the tacacs-server host
command
2
line {aux 0 | console 0 | vty number
[... end-number]}
CONFIGURATION Enter LINE mode.
3
login authentication {method-list-name |
default}
LINE Assign a method-list-name or the default list
to the terminal line.
FTOS Behavior: If you use a method list on the console port in which RADIUS or TACACS+ is the last
authentication method, and the server is not reachable, FTOS allows access even though the
username and password credentials cannot be verified. Only the console port behaves this way, and
does so to ensure that users are not locked out of the system in the event that network-wide issue
prevents access to these servers.
Note: Dell Force10 recommends that you use the none method only as a backup. This method
does not authenticate users. The none and enable methods do not work with secure shell (SSH).
To Next Page
Loading...
