Securing Access to Management Functions
December 2000 3 - 49
This command configures the device to use the local user accounts to authenticate attempts to access the
Privileged EXEC and CONFIG levels of the CLI.
Example 2: To configure the device to consult a RADIUS server first to authenticate attempts to access the
Privileged EXEC and CONFIG levels of the CLI, then consult the local user accounts if the RADIUS server is
unavailable, enter the following command:
BigIron(config)# aaa authentication enable default radius local
Syntax: [no] aaa authentication snmp-server | web-server | enable | login default <method1> [<method2>]
[<method3>] [<method4>] [<method5>] [<method6>] [<method7>]
The snmp-server | web-server | enable | login parameter specifies the type of access this authentication-
method list controls. You can configure one authentication-method list for each type of access.
NOTE: TACACS/TACACS+ and RADIUS are supported only with the enable and login parameters.
The <method1> parameter specifies the primary authentication method. The remaining optional <method>
parameters specify additional methods to try if an error occurs with the primary method. A method can be one of
the values listed in the Method Parameter column in the following table.
USING THE WEB MANAGEMENT INTERFACE
To configure an authentication-method list with the Web management interface, use the following procedure. This
example to causes the device to use a RADIUS server to authenticate attempts to log in through the CLI:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Select the Management
link to display the Management panel.
Table 3.7: Authentication Method Values
Method Parameter Description
line Authenticate using the password you configured for Telnet access. The
Telnet password is configured using the enable telnet password…
command. See “Setting a Telnet Password” on page 3-9.
enable Authenticate using the password you configured for the Super User
privilege level. This password is configured using the enable super-
user-password… command. See “Setting Passwords for Management
Privilege Levels” on page 3-10.
local Authenticate using a local user name and password you configured on
the device. Local user names and passwords are configured using the
username… command. See “Configuring a Local User Account” on
page 3-13.
tacacs Authenticate using the database on a TACACS server. You also must
identify the server to the device using the tacacs-server command.
tacacs+ Authenticate using the database on a TACACS+ server. You also must
identify the server to the device using the tacacs-server command.
radius Authenticate using the database on a RADIUS server. You also must
identify the server to the device using the radius-server command.
See “Configuring RADIUS Security” on page 3-33.
none Do not use any authentication method. The device automatically
permits access.
To Next Page
Loading...
Need help?
General
