aaa authentication login — global


aaa authentication login {default|listname}method ... method
no aaa authentication login 


AAA authentication method for login




This command defines a named list of authentication methods that can be used when a user logs into the device. The listname parameter specifies the name of the list; the login authentication command is used to apply a list. default is a special list name; the default list specifies the authentication methods to be used by default (i.e., in the absence of explicit login authentication commands). method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid methods are: enable, krb5, line, local, none, radius, tacacs+, and krb5-telnet.


The following command defines the default list of login authentication methods. Because this is the default list, it applies to all users, even if there is no login authentication command. The router first attempts to use the tacacs+ method for authentication, then the enable method. Therefore, the enable password is used to authenticate users if the device cannot contact the TACACS+ server.

! Set authentication for login
aaa authentication login default tacacs+ enable none

Get CISCO IOS in a Nutshell now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.