C
HAPTER
24
| Authentication Commands
Authentication Sequence
– 814 –
authentication
enable
This command defines the authentication method and precedence to use
when changing from Exec command mode to Privileged Exec command
mode with the enable command. Use the no form to restore the default.
SYNTAX
authentication enable {[local] [radius] [tacacs]}
no authentication enable
local - Use local password only.
radius - Use RADIUS server password only.
tacacs - Use TACACS server password.
DEFAULT SETTING
Local
COMMAND MODE
Global Configuration
COMMAND USAGE
◆ RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort
delivery, while TCP offers a connection-oriented transport. Also, note
that RADIUS encrypts only the password in the access-request packet
from the client to the server, while TACACS+ encrypts the entire body
of the packet.
◆ RADIUS and TACACS+ logon authentication assigns a specific privilege
level for each user name and password pair. The user name, password,
and privilege level must be configured on the authentication server.
◆ You can specify three authentication methods in a single command to
indicate the authentication sequence. For example, if you enter
“authentication enable radius tacacs local,” the user name and
password on the RADIUS server is verified first. If the RADIUS server is
not available, then authentication is attempted on the TACACS+ server.
If the TACACS+ server is not available, the local user name and
password is checked.
EXAMPLE
Console(config)#authentication enable radius
Console(config)#
RELATED COMMANDS
enable password - sets the password for changing command modes (810)
To Next Page
Loading...
Need help?
General
