Cisco Nexus 9000 Series Configuration Manual page 42

Configuring Console Login Authentication Methods
Note If you perform a password recovery when remote authentication is enabled, local authentication becomes
enabled for console login as soon as the password recovery is done. As a result, you can log into the Cisco
NX-OS device through the console port using the new password. After login, you can continue to use local
authentication, or you can enable remote authentication after resetting the admin password configured at the
AAA servers. For more information about the password recovery process, see the Cisco Nexus 9000 Series
NX-OS Troubleshooting Guide.
Before you begin
Configure RADIUS, TACACS+, or LDAP server groups, as needed.
SUMMARY STEPS
1. configure terminal
2. aaa authentication login console {group group-list [none] | local | none}
3. exit
4. (Optional) show aaa authentication
5. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2 aaa authentication login console {group group-list [none]
| local | none}
Example:
switch(config)# aaa authentication login console
group radius
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
16
Purpose
Enters configuration mode.
Configures login authentication methods for the console.
The group-list argument consists of a space-delimited list
of group names. The group names are the following:
radius
Uses the global pool of RADIUS servers for
authentication.
named-group
Uses a named subset of RADIUS, TACACS+, or LDAP
servers for authentication.
The local method uses the local database for authentication,
and the none method specifies that no AAA authentication
be used.
The default console login method is local, which is used
when no methods are configured or when all the configured
methods fail to respond, unless fallback to local is disabled
for the console login.
Configuring AAA