Users Guide

Security Commands 874

To ensure that the authentication succeeds even if all methods return an

error, specify none as the final method in the command line. Note that enable

will not succeed for a privilege level one administrator if no authentication

method is defined. A privilege level one administrator must authenticate to

get to Privileged Exec mode.

NOTE: Requests sent by the switch to a RADIUS server include the username

“$enabx$”, where x is the requested privilege level in decimal. For enable to be

authenticated on RADIUS servers, add “$enabx$” users to them. The login user ID

is also sent to TACACS+ servers for enable authentication.

Example

The following example configures enable authentication to use the enable

method for accessing higher privilege levels.

console(config)# aaa authentication enable default enable

aaa authentication login

Use the aaa authentication login command in Global Configuration mode to

create and enable the authentication method required for administrative

access to the switch. To return to the default configuration and optionally

delete an authentication list, use the no form of this command.

Syntax

aaa authentication login {default | list-name} {method1 [method2...]}

no aaa authentication login {default | list-name}

• default — Uses the listed authentication methods that follow this

argument as the default list of methods when an administrator logs in.

• list-name — Character string used to name the list of authentication

methods activated when an administrator logs in to the switch. (Range: 1-

15 characters)

• method1

[

method2...

]

— Specify at least one from the following table:

Keyword Source or destination

enable Use the enable password for authentication.

line Use the line password for authentication.