K-89
User Guide for Cisco Security Manager 3.2
OL-16066-01
Appendix K Router Platform User Interface Reference
AAA Policy Page
• Understanding Method Lists, page 15-69
• AAA Server Group Dialog Box, page F-12
• Predefined AAA Authentication Server Groups, page 9-15
Field Reference
Table K-38 AAA Page—Authentication Tab
Element Description
Enable Device Login
Authentication
When selected, enables the authentication of all users when they log in to the
device, using the methods defined in the method list.
When deselected, authentication is not performed.
Prioritized Method List Defines a sequential list of methods to be queried when authenticating a user.
Enter the names of one or more AAA server group objects (up to four), or
click Select to display an Object Selectors, page F-593. Use the up and down
arrows in the object selector to define the order in which the selected server
groups should be used.
The device tries initially to authenticate users using the first method in the
list. If that method fails to respond, the device tries the next method, and so
on, until a response is received.
Supported methods include Line, Local, Kerberos, RADIUS, TACACS+,
and None.
Note If you select None as a method, it must appear as the last method in
the list.
Maximum Number of
Attempts
The maximum number of unsuccessful authentication attempts before a user
is locked out. This feature is disabled by default. Valid values range from 1
to 65535.
Note From the standpoint of the user, there is no distinction between a
normal authentication failure and an authentication failure due to
being locked out. The system administrator has to explicitly clear the
status of a locked-out user using clear commands.