Filter
Top Products
AAA Commands 221
Create a list by entering the aaa authentication enable
list-name method
command where
list-name
is any character string used to name this list. The
method
argument identifies the list of methods that the authentication
algorithm tries in the given sequence.
The additional methods of authentication are used only if the previous
method returns an error, not if it fails to authenticate the user. Only the
RADIUS or TACACS methods can return an error. To ensure that the
authentication succeeds even if all methods return an error, specify none as
the final method in the command line. Note that enable will not succeed for
a level one user if no authentication method is defined. A level one user must
authenticate to get to privileged EXEC mode. For example, if none is
specified as an authentication method after radius, no authentication is used
if the RADIUS server is down.
NOTE: Requests sent by the switch to a RADIUS server include the username
"$enabx$", where x is the requested privilege level. For enable to be authenticated
on Radius servers, add "$enabx$" users to them. The login user ID is also sent to
TACACS+ servers for enable authentication.
Example
The following example sets authentication when accessing higher privilege
levels.
console(config)# aaa authentication enable default
enable
aaa authentication login
Use the aaa authentication login command in Global Configuration mode to
set the authentication method required for user at login. To return to the
default configuration, use the no form of this command.
Syntax
aaa authentication login {default |
list-name
}
method1
[
method2...
]
no aaa authentication login {default |
list-name
}
•
default
— Uses the listed authentication methods that follow this
argument as the default list of methods when a user logs in.
2CSPC4.XModular-SWUM200.book Page 221 Thursday, March 10, 2011 11:18 AM