Administrator Guide
Security Commands 866
NOTE: Requests sent by the switch to a RADIUS server include the username
"$enabx$", where x is the requested privilege level. For enable to be authenticated
on Radius servers, add "$enabx$" users to them. The login user ID is also sent to
TACACS+ servers for enable authentication.
Example
The following example sets authentication when accessing higher privilege
levels.
console(config)# aaa authentication enable default enable
aaa authentication login
Use the aaa authentication login command in Global Configuration mode to
create and enable the authentication method required for administrative
access to the switch. To return to the default configuration and optionally
delete an authentication list, use the no form of this command.
Syntax
aaa authentication login {default |
list-name
}
method1
[
method2...
]
no aaa authentication login {default |
list-name
}
•
default
— Uses the listed authentication methods that follow this
argument as the default list of methods when an administrator logs in.
•
list-name
— Character string used to name the list of authentication
methods activated when an administrator logs in to the switch. (Range: 1-
15 characters)
•
method1
[
method2
...
]
— Specify at least one from the following table:
Keyword Source or destination
enable Use the enable password for authentication.
line Use the line password for authentication.
local Use the local username database for authentication.
none Use no authentication.
radius Use the list of all RADIUS servers for authentication.
tacacs Use the list of all TACACS+ servers for authentication.
2CSNXXX_SWUM204.book Page 866 Monday, January 25, 2016 1:25 PM