Owners manual
DGS-1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide
95
No AAA authentication method list is configured.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 15.
Usage Guideline
Use this command to configure the authentication method list used for login authentication. Multiple
method lists can be configured. The default keyword is used to define the default method list.
If authentication uses the default method list but the default method list does not exist, then the
authentication will be performed via the local database.
The login authentication authenticates the login user name and password, and also assigns the privilege
level to the user based on the database.
A method list is a sequential list describing the authentication methods to be queried in order to
authenticate a user. Method lists enable you to designate one or more security protocols to be used for
authentication, thus ensuring a backup system for authentication in case the initial method fails. The
switch system uses the first listed method to authenticate users. If that method fails to respond, the switch
system selects the next authentication method listed in the method list. This process continues until there
is successful communication with a listed authentication method or all methods defined in the method list
are exhausted.
It is important to note that the switch system attempts authentication with the next listed authentication
method only when there is no response from the previous method. If authentication fails at any point in
this cycle, meaning that the security server or local username database responds by denying the user
access, the authentication process stops and no other authentication methods are attempted.
Example
This example shows how to set the default login methods list for authenticating of login attempts.
Switch#configure terminal
Switch(config)# aaa authentication login default group group2 local
Switch(config)#
8-9 aaa authentication mac-auth
This command is used to configure the default method list used for MAC authentication. Use the no
command to remove the default method list.
aaa authentication mac-auth default METHOD1 [METHOD2...]
no aaa authentication mac-auth default
Parameters
METHOD1 [METHOD2...]
Specifies the list of methods that the authentication algorithm tries in
the given sequence. Enter at least one method or enter up to four
methods. The following are keywords that can be used to specify a
method.
local – Specifies to use the local database for authentication.
group radius – Specifies to use the servers defined by the RADIUS
server host command.
group GROUP-NAME – Specifies to use the server groups defined by