Table of Contents
Advertisement
Authentication Sequence
Three authentication methods can be specified to authenticate users logging into the
system for management access. The commands in this section can be used to
define the authentication method and sequence.
Command
authentication login
authentication enable
authentication login
This command defines the login authentication method and precedence. Use the no
form to restore the default.
Syntax
authentication login {[local] [radius] [tacacs]}
no authentication login
• local - Use local password.
• radius - Use RADIUS server password.
• tacacs - Use TACACS server password.
Default Setting
Local
Command Mode
Global Configuration
Command Usage
• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort
delivery, while TCP offers a connection-oriented transport. Also, note that
RADIUS encrypts only the password in the access-request packet from the
client to the server, while TACACS+ encrypts the entire body of the packet.
• RADIUS and TACACS+ logon authentication assigns a specific privilege level
for each user name and password pair. The user name, password, and
privilege level must be configured on the authentication server.
• You can specify three authentication methods in a single command to indicate
the authentication sequence. For example, if you enter "authentication login
radius tacacs local," the user name and password on the RADIUS server is
verified first. If the RADIUS server is not available, then authentication is
attempted on the TACACS+ server. If the TACACS+ server is not available,
the local user name and password is checked.
Example
Console(config)#authentication login radius
Console(config)#
Table 4-31 Authentication Sequence
Function
Defines logon authentication method and precedence
Defines the authentication method and precedence for
command mode change
Authentication Commands
Mode
GC
GC
4
Page
4-103
4-104
4-103
- Quick Links:
- System Defaults
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
