Security | 539
aaa authentication login
Configure AAA Authentication method lists for user access to the EXEC mode (Enable log-in).
Syntax
aaa authentication login {method-list-name | default} method [... method4]
To return to the default setting, use the no aaa authentication login {method-list-name | default}
command.
Parameters
Default
Not configured (that is, no authentication is performed)
Command Modes
CONFIGURATION
Command
History
Usage
Information
By default, the locally configured username password is used. If you configure aaa authentication
login default
, FTOS uses the methods defined by this command for login instead.
Methods configured with the aaa authentication login command are evaluated in the order they are
configured. If users encounter an error with the first method listed, FTOS applies the next method
configured. If users fail the first method listed, no other methods are applied. The only exception is the
local method. If the user’s name is not listed in the local database, the next method is applied. If the
correct user name/password combination are not entered, the user is not allowed access to the switch.
After configuring the aaa authentication login command, to enable the authentication scheme on
terminal lines, configure the login authentication command.
method-list-name
Enter a text string (up to 16 characters long) as the name of a user-configured
method list that can be applied to different lines.
default Enter the keyword default to specify that the method list specified is the default
method for all terminal lines.
method
Enter one of the following methods:
•
enable - use the password defined by the enable password command in the
CONFIGURATION mode.
•
line - use the password defined by the password command in the LINE
mode.
•
local - use the user name/password defined by the in the local configuration.
•
none - no authentication.
•
radius - use the RADIUS server(s) configured with the radius-server host
command.
•
tacacs+ - use the TACACS+ server(s) configured with the tacacs-server
host command.
...
method4
(OPTIONAL) Enter up to four additional methods. In the event of a “no
response” from the first method, FTOS applies the next configured method (up
to four configured methods).
Version 8.3.16.1 Introduced on MXL 10/40GbE Switch IO Module
Note: If authentication fails using the primary method, FTOS employs the second method (or
third method, if necessary) automatically. For example, if the TACACS+ server is reachable,
but the server key is invalid, FTOS proceeds to the next authentication method. The
TACACS+ is incorrect, but the user is still authenticated by the secondary method.
To Next Page
Loading...
