Filter
Top Products
XG2000 series User's Guide
91/315
All Rights Reserved, Copyright (C) PFU LIMITED 2009
5.5.2 aaa authentication login
Function
Configure login authentication method.
Use the no form to return to the default setup.
Prompt
xg(config)#
Command syntax
aaa authentication login { console | ssh } { local | radius | tacacs } [{ local
|
none }]
no aaa authentication login { console | ssh }
Parameter
z { console | ssh }
Select a service to login.
− console
Configure the authentication method for serial console or telnet login.
− ssh
Configure the authentication method for SSH login.
z { local | radius | tacacs }
Specify the primary login method.
− local
Local authentication based on the account information stored in the device is used.
− radius
RADIUS authentication using PAP(User Password) is used.
− tacacs
TACACS+ authentication using PAP(User Password) is used.
z { local | none }
Specify the secondary login authentication method. Secondary login authentication is used
if primary login authentication is failed.
− local
Local authentication based on the account information stored in the device is used.
− none
Secondary login authentication is disabled.
This parameter is valid when RADIUS/TACACS+ is set as the primary login method.
When this parameter is omitted, "local" is specified.
Command type
Configuration command
Default
Primary login is local and Secondary login is none for all services
Note
z It is needed to register RADIUS/TACACS+ user accounts to XG2000, using "account" command, before enabling
RADIUS/TACACS+ authentication. XG2000 does not allow any account except for "admin" for the default
configuration.
z Before local authentication is disabled, It is recommended to test RADIUS/TACACS+ authentication under local
authentication is available.
Example
The following configuration enables RADIUS authentication as primary method and local authentication as secondary method
for SSH login authentication.
xg(config)# aaa authentication login ssh radius local