Chapter 4 Command-Line Reference 4-47
Authentication methods may be specified in any order.
Default Setting
None
Command Mode
Global Configuration
Command Usage
■ RADIUS uses UDP while TACACS uses TCP. UDP only offers best effort
delivery, while TCP offers a connection-oriented transport. Also, note that
RADIUS encrypts only the password in the access-request packet from the
client to the server, while TACACS encrypts the entire body of the packet.
■ RADIUS and TACACS logon authentication can control management access
through the console port, a Web browser, or Telnet. These access options must
be configured on the authentication server.
■ RADIUS and TACACS logon authentication assigns a specific privilege level
for each user name and password pair. The user name, password, and privilege
level must be configured on the authentication server.
■ You can specify two or three authentication methods in a single command to
indicate the authentication sequence. For example, if you enter
authentication login radius local, the user name and password on
the RADIUS server is verified first. If the RADIUS server is not available, then
the local user name and password is checked.
Example
Related Commands
username – for setting the local user name and password (4-29)
Console(config)#authentication login radius
Console(config)#