Filter
Top Products
Version Description
9.5(0.1) Added support for roles on the Z9500.
9.5(0.0) Added support for roles on the Z9000, S6000, S4820T,
S4810, MXL
9.2(1.0) Introduced on the Z9500.
8.3.19.0 Introduced on the S4820T.
8.3.11.1 Introduced on the Z9000.
8.3.7.0 Introduced on the S4810.
7.6.1.0 Introduced on the S-Series.
7.5.1.0 Introduced on the C-Series.
6.2.1.0 Introduced on the E-Series.
Usage
Information
By default, the locally configured username password is used. If you configure aaa
authentication login default, the system uses the methods this command
defines for login instead.
Methods configured with the aaa authentication login command are
evaluated in the order they are configured. If users encounter an error with the first
method listed, the system applies the next method configured. If users fail the first
method listed, no other methods are applied. The only exception is the local
method. If the user’s name is not listed in the local database, the next method is
applied. If the correct user name/password combination is not entered, the user is
not allowed access to the switch.
NOTE: If authentication fails using the primary method, the system employs
the second method (or third method, if necessary) automatically. For example,
if the TACACS+ server is reachable, but the server key is invalid, the system
proceeds to the next authentication method. The TACACS+ is incorrect, but
the user is still authenticated by the secondary method.
After configuring the aaa authentication login command, configure the
login authentication command to enable the authentication scheme on
terminal lines.
Connections to the SSH server work with the following login mechanisms: local,
radius, and tacacs.
Related
Commands
login authentication — enables AAA login authentication on the terminal lines.
password — creates a password.
radius-server host — specifies a RADIUS server host.
tacacs-server host — specifies a TACACS+ server host.
Security
1613