User Guidelines
•
The default and optional list names created with the aaa authentication login command are used with
the login authentication command.
•
Create a list by entering the aaa authentication login list-name method command for a particular
protocol, where list-name is any character string used to name this list. The method argument identifies
the list of methods that the authentication algorithm tries, in the given sequence.
•
The additional methods of authentication are used only if the previous method returns an error, not if
it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as
the final method in the command line.
Example
The following example configures the authentication login, so that user authentication is performed as
follows: Authentication is attempted at the RADIUS server. If the RADIUS server is not available,
authentication is attempted at the local user database. If there is no database, then no authentication is
performed.
Console(config)# aaa authentication login radius local none
aaa authentication enable
The aaa authentication enable Global Configuration mode command defines authentication method
lists for accessing higher privilege levels. Use the no form of this command to return to the default
configuration.
Syntax
•
aaa authentication enable {default | list-name} method1 [method2...]
•
no aaa authentication enable {default | list-name}
•
default — Uses the listed authentication methods that follow this argument as the default list of
methods, when using higher privilege levels.
•
list-name — Character string used to name the list of authentication methods activated, when
using access higher privilege levels. (Range: 1 - 12 characters)
•
method1 [method2...] — Specify at least one from the following table:
Keyword
enable
line
none
82
AAA Commands
Description
Uses the enable password for authentication.
Uses the line password for authentication.
Uses no authentication.