Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment5428 - SN Router
12345678910
12-9
Cisco SN 5428-2 Storage Router Software Configuration Guide
78-15471-01
Chapter 12 Command Line Interface Reference
aaa authentication login
If the Enable service is used, the user name is ignored and the password is authenticated against the
configured Administrator mode password. If the Monitor service is used, the user name is ignored and
the password is authenticated against the configured Monitor mode password.
Note AAA does not provide authentication for access via the GUI (using HTTP or HTTPS).
Use the show aaa command to display the current authentication lists.
In a cluster environment, AAA management functions are handled by a single storage router. To
determine which storage router is performing AAA management functions, issue the show cluster
command. If you issue the aaa authentication login command from a storage router that is not
performing AAA management functions, the CLI displays an informational message with the name of
the node that is currently handling those functions.
In Table 12-3, the group radius and group tacacs+ methods refer to all previously defined RADIUS or
TACACS+ servers; the group name method refers to a previously defined group of one or more RADIUS
or TACACS+ servers. Use the radius-server host and tacacs-server host commands to configure the
servers, and the aaa group server radius and aaa group server tacacs+ commands to create server
groups.
If the local authentication service is selected, the user name validation is not case-sensitive. If local-case
authentication service is selected, the user name validation is case-sensitive. The password validation for
both the local service and the local-case service is case-sensitive.
Examples The following example creates a default AAA authentication list to be used to perform Login
authentication. AAA first attempts to contact a RADIUS server. If no server is found, AAA returns an
error and authentication is performed by checking the local username database. If no match is found,
AAA performs authentication by checking the entered password against the configured Monitor mode
password.
[SN5428-2A]# aaa authentication login default group radius local monitor
Table 12-3 aaa authentication login default services
Keyword Description
enable Uses the configured Administrator mode password for authentication.
The user name is ignored.
group name Uses a named group of defined RADIUS or TACACS+ servers for
authentication.
group radius Uses the list of all RADIUS servers for authentication.
group tacacs+ Uses the list of all TACACS+ servers for authentication.
local Uses the local username database for authentication.
local-case Uses case-sensitive local username authentication.
monitor Uses the configured Monitor mode password for authentication. The user
name is ignored.
none Uses no authentication.