Configure Authentication Method
The Total Access 5000 uses the following priority of authentication methods:
1. If enabled, the Total Access 5000 attempts to authenticate the user via Emergency Entry
NOTE
Use caution when disabling EEP. Prior to disabling EEP, considerations must
be given to options for recovery during conditions when all other
authentication methods deny access.
2. If enabled, the Total Access 5000 attempts to authenticate the user using the configured
3. If enabled, the Total Access 5000 attempts to authenticate the user using the configured
4. If enabled, the Total Access 5000 authenticates the user using the locally programmed
NOTE
If the Total Access 5000 connects to a TACACS+ server or, then, a RADIUS
server, and the server rejects the login attempt, the Total Access 5000 does not
proceed to the next authentication method. It rejects the login attempt. A
fallback to the next method occurs only if a timeout occurs on all servers of a
given protocol (TACACS+ or RADIUS).
To configure the authentication method(s) to be used, complete the following procedure:
1. From the Enable prompt, type configure terminal , and press E
2. From the Global Configuration prompt, type aaa authentication login default
65K510DEP08-1A
Section 3, Common Provisioning - Provision Authentication, Authorization, and Accounting (AAA)
Port (EEP). If EEP is not enabled or the username supplied is not a supported EEP user‐
name, the Total Access 5000 proceeds to the next step.
The EEP is a local authentication method that can be employed in scenarios where all
other authentication methods are unsuccessful. When EEP is enabled, the user can enter
a predetermined username CHALLENGE to gain access to the system. The user is then
presented a challenge key. The correct response to this challenge key can be acquired
from ADTRAN Technical Support. If the correct response is issued, then the user is
logged in with local Admin privileges.
When EEP is enabled and the CHALLENGE username is entered at the login prompt, the
network element presents the challenge key immediately, and does not request a
password. This is true regardless of how the authentication login method list is
configured.
TACACS+ server(s). If TACACS+ is not enabled or the Total Access 5000 is unable to
connect to a TACACS+ server, the Total Access 5000 proceeds to the next step.
RADIUS server(s). If RADIUS is not enabled or the Total Access 5000 is unable to connect
to a RADIUS server, the Total Access 5000 proceeds to the next step.
user accounts. If local authentication is not enabled, the Total Access 5000 rejects the
login attempt.
bal Configuration prompt.
group tacacs+ [group radius|local]
NTER
, and press E
NTER
.
to access the Glo‐
3-21