Name
aaa authentication login — global
Synopsis
aaa authentication login {default|listname}method ... method
no aaa authentication login
Configures
AAA authentication method for login
Default
local
Description
This command defines a named list of authentication methods that can
be used when a user logs into the device. The
listname parameter specifies the name of
the list; the login authentication command is used
to apply a list. default is a special list name;
the default list specifies the authentication
methods to be used by default (i.e., in the absence of explicit
login authentication commands).
method describes where to get the password
for authentication. If more than one method is listed, the methods
are tried in order until one succeeds or all have failed. The valid
methods are: enable,
krb5, line,
local, none,
radius, tacacs+, and
krb5-telnet.
Example
The following command defines the default list of login
authentication methods. Because this is the default list, it applies
to all users, even if there is no login
authentication command. The router first attempts
to use the tacacs+ method for authentication, then
the enable method. Therefore, the
enable password is used to authenticate users if
the device cannot contact the TACACS+ server.
! Set authentication for login aaa authentication login default tacacs+ enable none
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access