Filter
Top Products
244 AAA Commands
Default Configuration
The default login lists are defaultList and networkList. defaultList is used by
the console and only contains the method
none
. networkList is used by telnet
and SSH and only contains the method
local
.
Command Mode
Global Configuration mode
User Guidelines
The default and optional list names created with the aaa authentication
login command are used with the login authentication command. Create a
list by entering the aaa authentication login
list-name method
command for
a particular protocol, where
list-name
is any character string used to name
this list. The
method
argument identifies the list of methods that the
authentication algorithm tries, in the given sequence.
The additional methods of authentication are attempted only if the previous
method returns an error, not if there is an authentication failure. Only the
RADIUS, TACACS+, local and enable methods can return an error. To
ensure that authentication succeeds even if all methods return an error,
specify none as the final method in the command line. For example, if none is
specified as an authentication method after radius, no authentication is used
if the RADIUS server is down. If specified, none must be the last method in
the list.
NOTE: Auth-Type:=Local doesn’t work for recent versions of FreeRadius.
FreeRadius ignores the configuration if Local is used. Administrators should remove
Auth-Type=Local and use the PAP or CHAP modules instead.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.
Keyword Source or destination
2CSPC4.X8100-SWUM102.book Page 244 Friday, March 15, 2013 8:56 AM