Switch User Manual
AAA Commands 67
Default Configuration
If the
default
list is not set, only the enable password is checked. This has the same effect as
the command
aaa authentication enable default enable
.
On the console, the enable password is used if it exists. If no password is set, the process still
succeeds. This has the same effect as using the command
aaa authentication enable default
enable none
.
Command Mode
Global Configuration mode
User Guidelines
• The default and optional list names created with the
aaa authentication enable
command are
used with the
enable authentication
command.
• Create a list by entering the
aaa
authentication enable
list-name method
command where
list-name
is any character string used to name this list. The
method
argument identifies the
list of methods that the authentication algorithm tries, in the given sequence.
• The additional methods of authentication are used only if the previous method returns an
error, not if it fails. To ensure that the authentication succeeds even if all methods return an
error, specify
none
as the final method in the command line.
•All
aaa
authentication enable default
requests sent by the device to a RADIUS or TACACS
server include the username "$enab15$".
Example
The following example sets authentication when accessing higher privilege levels.
login authentication
The
login authentication
Line Configuration mode command specifies the login authentication
method list for a remote telnet, SSH or console. To return to the default specified by the
authentication login command, use the
no
form of this command.
Syntax
login authentication
{
default
|
list-name
}
no login authentication
•
default
—Uses the default list created with the
authentication login
command.
•
list-name
—Uses the indicated list created with the
authentication login
command.
Console (config)# aaa authentication enable default enable