Enable AAA Authentication
To enable AAA authentication, use the following command in the CONFIGURATION mode:
Command Syntax
aaa authentication enable
{
e |
method-list-nam
]
method4
If the default list is not set, only the local enable is checked. This has the same effect as issuing:
aaa authentication enable default enable
AAA Authentication—RADIUS
To enable authentication from the RADIUS server, and use TACACS as a backup, use the following
commands:
Step
Command Syntax
1
aaa authentication enable default radius
tacacs
2
radius-server host x.x.x.x key
some-password
3
tacacs-server host x.x.x.x key
some-password
To get enable authentication from the RADIUS server, and use TACACS as a backup, issue the following
commands:
FTOS(config)# aaa authentication enable default radius tacacs
Radius and TACACS server has to be properly setup for this.
FTOS(config)# radius-server host x.x.x.x key <some-password>
FTOS(config)# tacacs-server host x.x.x.x key <some-password>
To use local authentication for enable secret on console, while using remote authentication on VTY lines,
perform the following steps:
FTOS(config)# aaa authentication enable mymethodlist radius tacacs
FTOS(config)# line vty 0 9
FTOS(config-line-vty)# enable authentication mymethodlist
882
|
Security
}
[...
default
method1
Command Mode
Purpose
CONFIGURATION
•
•
•
Command Mode
CONFIGURATION
CONFIGURATION
CONFIGURATION
—Uses the listed authentication
default
methods that follow this argument as the
default list of methods when a user logs in.
e—Character string used to
method-list-nam
name the list of enable authentication methods
activated when a user logs in.
[...
]—Any of the following:
method1
method4
RADIUS, TACACS, enable, line, none.
Purpose
To enable RADIUS and to set up TACACS
as backup.
To establish host address and password.
To establish host address and password.