A
UTHENTICATION
C
OMMANDS
3-57
Command Mode
Global Configuration
Command Usage
• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers
best effort delivery, while TCP offers a connection-oriented
transport. Also, note that RADIUS encrypts only the password
in the access-request packet from the client to the server.
• RADIUS and TACACS+ logon authentication can control
management access via the console port, a Web browser, or
Telnet. These access options must be configured on the
authentication server.
• RADIUS and TACACS+ logon authentication assigns a specific
privilege level for each user name and password pair. The user
name, password, and privilege level must be configured on the
authentication server.
• You can specify three authentication methods in a single
command to indicate the authentication sequence. For
example, if you enter “authentication login radius tacacs
local,” the user name and password on the RADIUS server is
verified first. If the RADIUS server is not available, then
authentication is attempted on the TACACS+ server. If the
TACACS+ server is not available, the local user name and
password is checked.
Example
Related Commands
username (3-30) - for setting local user names and passwords
Console(config)#authentication login radius local
Console(config)#
b_mgmt.book Page 57 Tuesday, July 8, 2003 5:24 PM
To Next Page
Loading...
