User Account Commands
September 2014 Page 73
HP Moonshot Switch Module CLI Command Reference
aaa authentication enable
Use this command to set authentication for accessing higher privilege levels. The default enable list is
enableList. It is used by the console and contains the method enable followed by none.
A separate default enable list, enableNetList, is used for Telnet and SSH users instead of enableList. This list
is applied by default for Telnet and SSH, and contains the enable method followed by deny. In HP Moonshot
Switch Module, by default, the enable password is not configured. That means that, by default, Telnet and SSH
users will not get access to Privileged EXEC mode. On the other hand, with default conditions, a console user
always enters Privileged EXEC mode without entering the enable password.
The default and optional list names created with the aaa authentication enable command are used with the
enable authentication command. Create a list by entering the aaa authentication enable list-name method
command, where list-name is any character string used to name this list. The method argument identifies the
list of methods that the authentication algorithm tries in the given sequence.
The user manager returns ERROR (not PASS or FAIL) for the enable and line methods if no password is configured,
and moves to the next configured method in the authentication list. The method none means that no
authentication is needed.
The user will only be prompted for an enable password if one is required. The following authentication
methods do not require passwords:
1. none
2. deny
3. enable (if no enable password is configured)
4. line (if no line password is configured)
Example: See the examples below.
a. aaa authentication enable default enable none
b. aaa authentication enable default line none
c. aaa authentication enable default enable radius none
d. aaa authentication enable default line tacacs none
Examples a and b do not prompt for a password. However, because examples c and d contain the radius and
tacacs methods, the password prompt is displayed.
If the login methods include only enable, and there is no enable password configured, then HP Moonshot
Switch Module does not prompt for a username. In such cases, HP Moonshot Switch Module only prompts for
a password. HP Moonshot Switch Module supports configuring methods after the local method in
authentication and authorization lists. If the user is not present in the local database, then the next configured
method is tried.
The additional methods of authentication are used only if the previous method returns an error, not if it fails.
To ensure that the authentication succeeds even if all methods return an error, specify none as the final method
in the command line.
Use the command “show authorization methods” on page 76 to display information about the authentication
methods.
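
The following Python model of the method-list rules described above is an added example for auditing enable lists; it is not taken from HP documentation or firmware. The function names, the constructed configuration lines, and the treatment of radius and tacacs as returning ERROR when no server answers are assumptions made for illustration.

```python
import re

# Model of the method-list rules described above; not HP firmware code.
LIST_RE = re.compile(r"^aaa authentication enable (\S+) (.+)$")

def parse(line):
    """Return (list_name, [methods]) for an 'aaa authentication enable' line."""
    m = LIST_RE.match(line.strip())
    if not m:
        raise ValueError("not an enable method list: %r" % line)
    return m.group(1), m.group(2).split()

def needs_prompt(methods, enable_pw, line_pw):
    """True if any method in the list requires a password (examples a-d)."""
    no_pw = {"none", "deny"}
    if not enable_pw:
        no_pw.add("enable")   # no enable password configured
    if not line_pw:
        no_pw.add("line")     # no line password configured
    return any(m not in no_pw for m in methods)

def evaluate(methods, outcomes):
    """Walk the list in order; only ERROR moves on to the next method.
    outcomes maps a method name to 'PASS', 'FAIL' or 'ERROR'."""
    for m in methods:
        if m == "none":
            return True, m
        if m == "deny":
            return False, m
        result = outcomes.get(m, "ERROR")
        if result != "ERROR":
            return result == "PASS", m
    return False, None  # every method errored and the list has no 'none'

def open_without_password(line, enable_pw=False, line_pw=False, remote="ERROR"):
    """Audit check: does this list grant the higher privilege level to a
    user who has no valid password? 'remote' is the assumed radius/tacacs
    outcome (assumption: ERROR when no server answers)."""
    _, methods = parse(line)
    outcomes = {
        "enable": "FAIL" if enable_pw else "ERROR",
        "line": "FAIL" if line_pw else "ERROR",
        "radius": remote, "tacacs": remote,
    }
    return evaluate(methods, outcomes)[0]
```

With no enable password configured, the model reports the console default (enable, none) as open and the Telnet/SSH default (enable, deny) as closed, matching the defaults described above.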