Users Guide

Security Commands 932

NOTE: Requests sent by the switch to a RADIUS server include the username

“$enabx$”, where x is the requested privilege level in decimal. For enable to be

authenticated on RADIUS servers, add “$enabx$” users to them. The login user ID

is also sent to TACACS+ servers for enable authentication.

Example

The following example configures enable authentication to use the enable

method for accessing higher privilege levels.

console(config)# aaa authentication enable default enable

aaa authentication login

Use the aaa authentication login command in Global Configuration mode to

create and enable the authentication method required for administrative

access to the switch. To return to the default configuration and optionally

delete an authentication list, use the no form of this command.

Syntax

aaa authentication login {default | list-name} {method1 [method2...]}

no aaa authentication login {default | list-name}

• default — Uses the listed authentication methods that follow this

argument as the default list of methods when an administrator logs in.

• list-name — Character string used to name the list of authentication

methods activated when an administrator logs in to the switch. (Range: 1-

15 characters)

• method1

[

method2...

]

— Specify at least one from the following table:

Keyword Source or destination

enable Use the enable password for authentication.

line Use the line password for authentication.

local Use the local username database for authentication.

none Use no authentication.

radius Use the list of all RADIUS servers for authentication.

tacacs Use the list of all TACACS+ servers for authentication.