AAA Commands 149
Default Configuration
The default enable list is “enableList.” It is used by console, telnet, and SSH and only contains
the method
none
.
Command Mode
Global Configuration mode
User Guidelines
The default and optional list names created with the aaa authentication enable command are
used with the enable authentication command.
Create a list by entering the aaa authentication enable
list-name method
command where
list-
name
is any character string used to name this list. The
method
argument identifies the list of
methods that the authentication algorithm tries in the given sequence.
The additional methods of authentication are used only if the previous method returns an error,
not if it fails. To ensure that the authentication succeeds even if all methods return an error,
specify none as the final method in the command line. Note that enable will not succeed for a
level one user if no authentication method is defined. A level one user must authenticate to get
to privileged EXEC mode. For example, if none is specified as an authentication method after
radius, no authentication is used if the RADIUS server is down.
NOTE: Requests sent by the switch to a RADIUS server include the username “$enabx$”, where x is the
requested privilege level. For enable to be authenticated on RADIUS servers, add “$enabx$” users to
them. The login user ID is now sent to TACACS+ servers for enable authentication.
Example
The following example sets authentication when accessing higher privilege levels.
console(config)# aaa authentication enable default enable
aaa authentication login
Use the aaa authentication login command in Global Configuration mode to set
authentication at login. To return to the default configuration, use the no form of this
command.
none Uses no authentication.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.
Keyword Source or destination
To Next Page
Loading...
