Chapter 8
| Authentication Commands
Authentication Sequence
Authentication Sequence
authentication enable
Example
This example shows the privilege level for any command modified by the
command.
Console#show privilege command
privilege line all level 0 accounting
privilege exec level 15 ping
Console(config)#
Three authentication methods can be specified to authenticate users logging into
the system for management access. The commands in this section can be used to
define the authentication method and sequence.
Table 39: Authentication Sequence Commands
Command
authentication enable
authentication login
This command defines the authentication method and precedence to use when
changing from Exec command mode to Privileged Exec command mode with the
enable
command. Use the no form to restore the default.
Syntax
authentication enable {[local] [radius] [tacacs]}
no authentication enable
local - Use local password only.
radius - Use RADIUS server password only.
tacacs - Use TACACS server password.
Default Setting
Local
Command Mode
Global Configuration
Command Usage
◆
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery,
while TCP offers a connection-oriented transport. Also, note that RADIUS
encrypts only the password in the access-request packet from the client to the
server, while TACACS+ encrypts the entire body of the packet.
Function
Defines the authentication method and precedence for
command mode change
Defines logon authentication method and precedence
– 222 –
privilege
Mode
GC
GC