Table of Contents
Advertisement
Command Reference Guide
Default Values
If the Enable mode password is used as an authentication method and the authentication request is going
to a RADIUS server, the user name $enabl15$is sent by default. If the request is going to a TACACS+
server, the user name used for login authentication is sent by default.
If no default methods list is configured, the unit uses the Enable mode password for authentication. If no
password is configured, consoles are allowed access (this prevents a lock-out condition).
Command History
Release 5.1
Release 11.1
Functional Notes
AAA authentication is an AAA service that helps verify user logins, user access to the Enable mode, and
port usage. Authentication works by verifying user credentials with those stored on a server. In AOS, AAA
authentication can verify a user's permission to access Enable mode by using the aaa authentication
enable default command to create the default method list that monitors user permissions.
Before AAA authentication method lists can be configured or applied, AAA must be enabled. To enable
AAA, use the command
Each AAA authentication method list relies on a combination of authentication methods. Each method
must be entered into the list in the order that they are to be performed. Although these methods can be
entered in any order, each can only be used once. The exception is the group <name> method that can be
entered multiple times to accommodate multiple configured server groups. If the unit fails to make a
connection with the first group listed, it will try the next group specified.
For security reasons, ADTRAN recommends that the local authentication method be used
instead of the none authentication method. Using the local authentication method
prevents unauthorized users from gaining access to the device during a period in which
the links to all authentication servers are down. The local user database contained within
the AOS device will always be available and serves as the last line of defense.
The type of method lists created using the aaa authentication enable default command is a default list. A
default list is one that is created and automatically applied to all line interfaces at the global level.
To use TACACS+ servers to perform Enable mode authentication, the TACACS+ servers must be
configured prior to creating the method list. You can configure all TACACS+ servers in the system using
the command
tacacs-server on page
command
tacacs-server host on page
use all TACACS+ servers for authentication by using the group tacacs+ method. If you only want to use
some of the available TACACS+ servers for authentication, you can create a named server group and add
the TACACS+ servers to the group. Server groups are created using the command
page 886
and servers are added to the group as outlined in the
3361.
60000CRG0-35E
Command was introduced.
The group tacacs+ command was added.
aaa on on page
889.
1357. You can configure individual TACACS+ servers using the
1358. Once the TACACS+ servers have been configured, you can
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
aaa group server on
TACACS+ Group Command Set on page
868
- Quick Links:
- Basic Mode Command Set
Hide quick links:
Advertisement
Table of Contents
