AAA Authentication Commands


-■ou-tcii' i--_-T.Triiz.cj) tt^.îiii mi-tlitrntI__ÎÎCI lcr-^jiii

I daf aul t I li jt-T.amci qjLrjuj.1 [ yi uUT>—[lient- I HHCLLUH | ticacat i [fflBthod? [flietiicdJ]]



-outer (ootfig) a'athje^-1J-C&t1-og-n ilefEuiC g^oup local line

© 2004 Cisco Systems, Inc. All rights reserved. bcran v2.1—11-7

The authentication login command in global configuration mode enables the AAA authentication process, as follows:

■ default: This command creates a default that is automatically applied to all lines and interfaces, specifying the method or sequence of methods for authentication.

■ list-name: This command creates a list, with a name of your choosing, that is applied explicitly to a line or interface using the method or methods specified. This defined list overrides the default when applied to a specific line or interface.

■ group {group-name | radius | tacacs+}: This method specifies the use of an AAA server. The group radius, group tacacs+ method refers to previously defined RADIUS or TACACS+ servers. The group-name string allows the use of a predefined group of RADIUS or TACACS+ servers for authentication (created with the aaa group server radius or aaa group server tacacs+ command).

■ [method2 [method3 [method4]]]: This command executes authentication methods in the listed order. If an authentication method returns an error, such as a timeout, the Cisco IOS software attempts to execute the next method. If the authentication fails, access is denied. You can configure up to four methods for each operation. The method must be supported by the authentication operation specified. A general list of methods includes:

— enable: Uses the enable password for authentication

— group: Uses server-group

— krb5: Uses Kerberos Version 5 for authentication

— line: Uses the line password for authentication

— local: Uses the local username and password database for authentication

— local-case: Uses case-sensitive local username authentication

— none: Uses no authentication

0 0

Post a comment