Cisco Catalyst 2960-XR Security Configuration Manual page 68

Configuring TACACS+ Login Authentication
Command or Action
Step 3
aaa authentication login {default |
list-name} method1 [method2...]
Example:
Switch(config)# aaa
authentication login default
tacacs+ local
Step 4 line [console | tty | vty] line-number
[ending-line-number]
Example:
Switch(config)# line 2 4
Step 5 login authentication {default |
list-name}
Example:
Switch(config-line)# login
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
46
Purpose
Creates a login authentication method list.
• To create a default list that is used when a named list is not specified in the
login authentication command, use the default keyword followed by the
methods that are to be used in default situations. The default method list is
automatically applied to all ports.
• For list-name, specify a character string to name the list you are creating.
• For method1..., specify the actual method the authentication algorithm tries.
The additional methods of authentication are used only if the previous method
returns an error, not if it fails.
Select one of these methods:
• enable—Use the enable password for authentication. Before you can use this
authentication method, you must define an enable password by using the
enable password global configuration command.
• group tacacs+—Uses TACACS+ authentication. Before you can use this
authentication method, you must configure the TACACS+ server. For more
information, see the Identifying the TACACS+ Server Host and Setting the
Authentication Key, on page
• line —Use the line password for authentication. Before you can use this
authentication method, you must define a line password. Use the password
password line configuration command.
• local—Use the local username database for authentication. You must enter
username information in the database. Use the username password global
configuration command.
• local-case—Use a case-sensitive local username database for authentication.
You must enter username information in the database by using the username
name password global configuration command.
• none—Do not use any authentication for login.
Enters line configuration mode, and configures the lines to which you want to
apply the authentication list.
Applies the authentication list to a line or set of lines.
• If you specify default, use the default list created with the aaa authentication
login command.
• For list-name, specify the list created with the aaa authentication login
command.
Configuring TACACS+
43.
OL-29434-01