Aaa Authentication Enable; Login Authentication - Planet Networking & Communication WGSW-24010 User Manual

3.3.2 aaa authentication enable

The aaa authentication enable global configuration command defines authentication method lists for accessing higher
privilege levels. To return to the default configuration use the no form of this command.
Syntax
aaa authentication enable {default | list-name} method1 [method2...]
no aaa authentication enable default
§ default — Uses the listed authentication methods that follow this argument as the default list of methods,when
using higher privilege levels.
§ list-name — Character string used to name the list of authentication methods activated, when using accesshigher
privilege levels.
§
method1 [method2...]—Specify at least one from the following table:
Keyword Source or destination
Enable Uses the enable password for authentication.
Line Uses the line password for authentication
None Uses no authentication
Uses the list of all radius servers for authentication. Uses username "$enabx$." Where x is
Radius
the privilege level
Uses the list of all TACACS+ servers for authentication. Uses username "$enabx$."
Tacacs
Where x is the privilege level.
Default Configuration
If the default list is not set, only the enable password is checked. This has the same effect as the command aaa
authentication enable default enable.
On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the
same effect as using the command aaa authentication enable default enable none .
Command Mode
Global Configuration mode
User Guidelines
The default and optional list names created with the aaa authentication enable command are used with the enable
authentication command.
Create a list by entering the aaa authentication enable list-name method command where list-name is any character
string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in
the given sequence.
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that
the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
All aaa authentication enable default requests sent by the router to a RADIUS server include the username
"$enabx$.", where x is the requested privilege level.
Example
The following example sets authentication when accessing higher privilege levels.
console (config) # aaa authentication enable default enable

3.3.3 login authentication

The login authentication line configuration command specifies the login authentication method list for a remote telnet or
console. To return to the default specified by the authentication login command, use the no form of this command.
Syntax
login authentication {default | list-name}
13