Name
aaa authentication login — global
Synopsis
aaa authentication login {default |listname
}method
...method
no aaa authentication login
Configures
AAA authentication method for login
Default
local
Description
This command defines a named list of authentication methods that can be used when a user logs into the device. The listname
parameter specifies the name of the list; the login authentication
command is used to apply a list. default
is a special list name; the default
list specifies the authentication methods to be used by default (i.e., in the absence of explicit login authentication
commands). method
describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid method
s are: enable
, krb5
, line
, local
, local-case
, none
, group radius
, group tacacs+
, and krb5-telnet
. The local-case
option uses case-sensitive local usernames.
Example
The following command defines the default list of login authentication methods. Because this is the default list, it applies to all users, even if there is no login authentication
command. The router first attempts to use the tacacs+
method for authentication, then the enable
method. Therefore, the enable
password is used to authenticate users if the device cannot contact the TACACS+ server.
! Set authentication for login aaa authentication login default group tacacs+ enable none
Get Cisco IOS in a Nutshell, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.