Table of Contents
Advertisement
XG2000 series User's Guide
5.5.2 aaa authentication login
Function
Configure login authentication method.
Use the no form to return to the default setup.
Prompt
xg(config)#
Command syntax
aaa authentication login { console | ssh } { local | radius | tacacs } [{ local |
none }]
no aaa authentication login { console | ssh }
Parameter
{ console | ssh }
Select a service to login.
−
−
{ local | radius | tacacs }
Specify the primary login method.
−
−
−
{ local | none }
Specify the secondary login authentication method. Secondary login authentication is used
if primary login authentication is failed.
−
−
This parameter is valid when RADIUS/TACACS+ is set as the primary login method.
When this parameter is omitted, "local" is specified.
Command type
Configuration command
Default
Primary login is local and Secondary login is none for all services
Note
It is needed to register RADIUS/TACACS+ user accounts to XG2000, using "account" command, before enabling
RADIUS/TACACS+ authentication. XG2000 does not allow any account except for "admin" for the default
configuration.
Before local authentication is disabled, It is recommended to test RADIUS/TACACS+ authentication under local
authentication is available.
Example
The following configuration enables RADIUS authentication as primary method and local authentication as secondary method
for SSH login authentication.
xg(config)# aaa authentication login ssh radius local
console
Configure the authentication method for serial console or telnet login.
ssh
Configure the authentication method for SSH login.
local
Local authentication based on the account information stored in the device is used.
radius
RADIUS authentication using PAP(User Password) is used.
tacacs
TACACS+ authentication using PAP(User Password) is used.
local
Local authentication based on the account information stored in the device is used.
none
Secondary login authentication is disabled.
All Rights Reserved, Copyright (C) PFU LIMITED 2009
91/315
Advertisement
Table of Contents
