Name
aaa authentication login — global
Synopsis
aaa authentication login {default|listname
}method
...method
no aaa authentication login
Configures
AAA authentication method for login
Default
local
Description
This command defines a named list of authentication methods that can
be used when a user logs into the device. The
listname
parameter specifies the name of
the list; the login authentication
command is used
to apply a list. default
is a special list name;
the default
list specifies the authentication
methods to be used by default (i.e., in the absence of explicit
login authentication
commands).
method
describes where to get the password
for authentication. If more than one method is listed, the methods
are tried in order until one succeeds or all have failed. The valid
method
s are: enable
,
krb5
, line
,
local
, none
,
radius
, tacacs+
, and
krb5-telnet
.
Example
The following command defines the default list of login
authentication methods. Because this is the default list, it applies
to all users, even if there is no login
authentication
command. The router first attempts
to use the tacacs+
method for authentication, then
the enable
method. Therefore, the
enable
password is used to authenticate users if
the device cannot contact the TACACS+ server.
! Set authentication for login aaa authentication login default tacacs+ enable none
Get CISCO IOS in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.