5000 Series Layer 2/3 Managed Data Center Switch CLI Reference Guide
58
•
deny: This method is used to deny access.
•
enable: The enable password is used for authentication.
•
line: The line password is used for authentication.
•
none: No authentication is used.
•
radius: The list of all RADIUS servers is used for authentication.
•
tacacs: The list of all servers is used for authentication.
Default
This default is default.
Command Mode
Global Config
Example
The following example sets authentication when a user is accessing higher privilege levels.
(switch)(config)# aaa authentication enable default enable
aaa authentication login
This command is used to set authentication at login. The default and optional list names created with the
aaa authentication login
command can be used with the command initially. The user can create a list by
entering the
aaa authentication login list-name method
command, where the
list-name
is any string of
characters used to name the list. The list of methods that the authentication algorithm tries is tried in the
sequence in which they are identified in the
method
argument.
Each successive method of authentication in the list is only used if the previous method returns an error,
not in the event that there is an authentication failure. If the user wishes to ensure that the authentication
succeeds even if an error is returned by all the methods, the user should specify
none
as the final
method in the command line. For example, if
none
is specifically indicated as an authentication method
after
radius
, then no authentication is used in the event that the RADIUS server is down.
The
no
command is used to return to the default setting.
aaa authentication login {default | list-name} method1 [method2…]
no aaa authentication login {default | list-name}
Parameters
default
The default Authentication List. For telnet/SSH, the default list is
'networkList'.
list-name
Indicates the string of characters of up to 15 characters in length that is
used to name the list of authentication methods that are activated when
a user logs in.
method1...[method2…]
Indicates that at least one of the following methods will be used:
•
enable: The enable password is used for authentication.
•
line: The line password is used for authentication.