Specifications
config authen_login
Purpose Used to configure a user-defined or default method list of authentication methods for user login.
Syntax config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs |
tacacs+ | radius | server_group <string 15> | local | none}
Description This command will configure a user-defined or default method list of authentication methods for users logging
on to the Switch.The sequence of methods implemented in this command will affect the authentication result.
For example, if a user enters a sequence of methods like tacacs – xtacacs – local, the Switch will send an
authentication request to the first tacacs host in the server group. If no response comes from the server host,
the Switch will send an authentication request to the second tacacs host in the server group and so on, until
the list is exhausted.At that point, the Switch will restart the same sequence with the following protocol listed,
xtacacs. If no authentication takes place using the xtacacs list, the local account database set in the Switch is
used to authenticate the user.When the local method is used, the privilege level will be dependant on the local
account privilege configured on the Switch.
Successful login using any of these methods will give the user a “user” privilege only. If the user wishes to
upgrade his or her status to the administrator level, the user must implement the enable admin command,
followed by a previously configured password. (See the enable admin part of this section for more detailed
information, concerning the enable admin command.)
Parameters default – The default method list for access authentication, as defined by the user.The user may choose one or a
combination of up to four (4) of the following authentication methods:
tacacs – Adding this parameter will require the user to be authenticated using the TACACS protocol
from the remote TACACS server hosts of the TACACS server group list.
xtacacs – Adding this parameter will require the user to be authenticated using the XTACACS
protocol from the remote XTACACS server hosts of the XTACACS server group list.
tacacs+ – Adding this parameter will require the user to be authenticated using the TACACS+
protocol from the remote TACACS+ server hosts of the TACACS+ server group list.
radius - Adding this parameter will require the user to be authenticated using the RADIUS protocol
from the RADIUS server listed in the server group list.
server_group <string 15> - Adding this parameter will require the user to be authenticated using a
user-defined server group previously configured on the Switch.
local - Adding this parameter will require the user to be authenticated using the local user account
database on the Switch.
none – Adding this parameter will require no authentication to access the Switch.
method_list_name – Enter a previously implemented method list name defined by the user.The user may add
one, or a combination of up to four (4) of the following authentication methods to this method list:.
tacacs – Adding this parameter will require the user to be authenticated using the TACACS protocol
from a remote TACACS server.
xtacacs – Adding this parameter will require the user to be authenticated using the XTACACS
protocol from a remote XTACACS server.
radius - Adding this parameter will require the user to be authenticated using the RADIUS protocol
from a previously configured RADIUS server.
server_group <string 15> - Adding this parameter will require the user to be authenticated using a
user-defined server group previously configured on the Switch.
local - Adding this parameter will require the user to be authenticated using the local user account
database on the Switch.
none – Adding this parameter will require no authentication to access the Switch.
Note: Entering none or local as an authentication protocol will override any other authentication that follows it on a
method list or on thedefault method list.
Restrictions Only administrator-level users can issue this command.
Example usage:
To configure the user defined method list “Trinity” with authentication methods TACACS, XTACACS and local, in that order.
AT-9724TS:4# config authen_login method_list_name Trinity
method tacacs xtacacs local
Command: config authen_login method_list_name Trinity
method tacacs xtacacs local
S u c c e s s .
A T - 9 7 2 4 T S : 4 #
139
Allied Telesyn AT-9724TS High-Density Layer 3 Stackable Gigabit Ethernet Switch • Command Line Interface Reference Manual