Table of Contents
Advertisement
Command Reference Guide
local
group radius
group tacacs+
group <name>
Default Values
By default, AAA authentication login method lists are not defined. Once a default list is defined, it is
automatically applied to all line interfaces unless a named list is created and applied manually.
Command History
Release 5.1
Release 11.1
Functional Notes
AAA authentication is an AAA service that helps verify user logins, user access to the Enable mode, and
port usage. Authentication works by verifying user credentials with those stored on a server. In AOS, AAA
authentication can verify a user's permission to access the unit by using the aaa authentication login
command to create a method list that monitors user access permissions.
Before AAA authentication method lists can be configured or applied, AAA must be enabled. To enable
AAA, use the command
Each AAA authentication method list relies on a combination of authentication methods. Each method
must be entered into the list in the order that they are to be performed. Although these methods can be
entered in any order, each can only be used once. The exception is the group <name> method that can be
entered multiple times to accommodate multiple configured server groups. If the unit fails to make a
connection with the first group listed, it will try the next group specified.
For security reasons, ADTRAN recommends that the local authentication method be used
instead of the none authentication method. Using the local authentication method
prevents unauthorized users from gaining access to the device during a period in which
the links to all authentication servers are down. The local user database contained within
the AOS device will always be available and serves as the last line of defense.
60000CRG0-35E
Specifies using the local user name for authentication. User names must be
in the local user name database to use this method. User names are set
using the command
1373.
Specifies that all defined remote authentication dial-in user service
(RADIUS) servers are used for authentication. RADIUS servers must be
configured to use this method. Refer to the Functional Notes for more
information.
Specifies that all defined terminal access controller access-control system
plus (TACACS+) servers are used for authentication. TACACS+ servers
must be configured to use this method. Refer to the Functional Notes for
more information.
Specifies using a subset of TACACS+ or RADIUS servers for
authentication. Subsets are named server groups previously created using
the command
aaa group server on page
configured to use this method.
Command was introduced.
The group tacacs+ command was added.
aaa on on page
889.
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
username <username> password <password> on page
886. A server group must be
872
- Quick Links:
- Basic Mode Command Set
Hide quick links:
Advertisement
Table of Contents
