194 AAA Commands
Create a list by entering the aaa authentication enable list-name method
command where list-name is any character string used to name this list. The
method argument identifies the list of methods that the authentication
algorithm tries in the given sequence.
The additional methods of authentication are used only if the previous
method returns an error, not if it fails. To ensure that the authentication
succeeds even if all methods return an error, specify none as the final method
in the command line. Note that enable will not succeed for a level one user if
no authentication method is defined. A level one user must authenticate to
get to privileged EXEC mode. For example, if none is specified as an
authentication method after radius, no authentication is used if the RADIUS
server is down.
NOTE: Requests sent by the switch to a RADIUS server include the username
"$enabx$", where x is the requested privilege level. For enable to be authenticated
on RADIUS servers, add "$enabx$" users to them. The login user ID is now sent to
TACACS+ servers for enable authentication.
Example
The following example sets authentication when accessing higher privilege
levels.
console(config)# aaa authentication enable default enable
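The fallback rule described above (a later method is tried only when the previous one returns an error, and none always succeeds) can be modelled as follows. This is an added Python example, not code from the manual or the switch; the result names, backend callables, the list name "mgmt" and the sample configuration are constructed for illustration.

```python
# Added illustration: a model of the method-list fallback described above.
# Result names and backend callables are assumptions, not switch internals.
ACCEPT, REJECT, ERROR = "accept", "reject", "error"

def evaluate(methods, backends):
    """Walk the method list in order; return (result, deciding_method).

    A later method is tried only when the previous one returns ERROR
    (for example, server unreachable). A REJECT ends the sequence.
    """
    for name in methods:
        if name == "none":
            return ACCEPT, "none"          # no authentication is performed
        result = backends[name]()
        if result != ERROR:
            return result, name            # accept or reject is final
    return ERROR, None                     # every method returned an error

def audit(config_text):
    """Return method lists that contain 'none' (access granted on error)."""
    findings = []
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] == ["aaa", "authentication"] and len(words) >= 5:
            kind, list_name, methods = words[2], words[3], words[4:]
            if "none" in methods:
                findings.append((kind, list_name, methods))
    return findings

# Constructed sample configuration (the list name "mgmt" is made up).
SAMPLE_CONFIG = """\
aaa authentication enable default radius none
aaa authentication login default radius enable
aaa authentication login mgmt radius
"""

if __name__ == "__main__":
    radius_down = {"radius": lambda: ERROR, "enable": lambda: REJECT}
    radius_up = {"radius": lambda: REJECT, "enable": lambda: ACCEPT}
    print(evaluate(["radius", "none"], radius_down))    # RADIUS unreachable
    print(evaluate(["radius", "none"], radius_up))      # RADIUS rejects the user
    print(evaluate(["radius", "enable"], radius_down))  # falls back to enable
    for finding in audit(SAMPLE_CONFIG):
        print("list contains none:", finding)
```

Running audit over an exported configuration is a quick way to find lists where a RADIUS outage would grant access without any credential check.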
aaa authentication login
Use the aaa authentication login command in Global Configuration mode to
set authentication at login. To return to the default configuration, use the no
form of this command.
Syntax
aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name}
default — Uses the listed authentication methods that follow this
argument as the default list of methods when a user logs in.
list-name — Character string used to name the list of authentication
methods activated when a user logs in. (Range: 1-12 characters)