Owner's Manual
AAA Commands 59
Default Configuration
If the
default
list is not set, only the enable password is checked. This has the same effect as
the command
aaa authentication enable default enable
.
On the console, the enable password is used if it exists. If no password is set, the process still
succeeds. This has the same effect as using the command
aaa authentication enable default
enable none
.
Command Mode
Global Configuration mode
User Guidelines
The default and optional list names created with the
aaa authentication enable
command are
used with the
enable authentication
command.
Create a list by entering the
aaa
authentication enable
list-name method
command where
list-name
is any character string used to name this list. The
method
argument identifies the
list of methods that the authentication algorithm tries, in the given sequence.
The additional methods of authentication are used only if the previous method returns an
error, not if it fails. To ensure that the authentication succeeds even if all methods return an
error, specify
none
as the final method in the command line. Spaces cannot be used in the
string which defines the list-name.
NOTE: Make sure that the given sequence of authentication methods is sensible. For example, a
sequence where Radius follows None is not sensible because None requires no authentication and,
therefore, the process will never require Radius authentication.
All
aaa
authentication enable default
requests sent by the router to a RADIUS server include
the username "$enabx$.", where x is the requested privilege level.
Example
The following example sets authentication when accessing higher privilege levels.
login authentication
The
login authentication
line configuration command specifies the login authentication method
list for a remote telnet or console. To return to the default specified by the authentication login
command, use the
no
form of this command.
radius Uses the list of all RADIUS servers for authentication. Uses username
"$enabx$." where x is the privilege level.
Console (config)# aaa authentication enable default enable