Manualshelf

Technical data

ManualsBrandsCisco ManualsComputer equipment1604 - 1604 Bridge/router
151152153154155156157158159160
7-12 Dial Solutions Quick Configuration Guide
Configuring Authentication
However, if authentication fails using the first method listed, the Cisco IOS software does not permit
access. It does not attempt to authenticate using the subsequent security methods if the user entered
the incorrect password.
5. Populate the Local Username Database if Necessary
If you specify local as the security method, you must specify username profiles for each user who
might log in. An example of specifying local authentication is as follows:
2511(config)# aaa authentication login deveng local
This command specifies that any time a user attempts to log in to a line on an access server, the Cisco
IOS software checks the username database. To create a local username database, define username
profiles using the username global configuration command.
The following example shows how to use the username command for a user jnieters with password
n1vriti:
2511(config)# username jnieters password n1vriti
The show running-config command shows the encrypted version of the password, as follows:
2511# show running-config
Building configuration...
Current configuration:
!
version 12.0
! most of config omitted
username jnieters password 7 0215055500070C294D
Note The Cisco IOS software adds the encryption type of 7 automatically for passwords. If you
were to manually enter the number 7 to represent an encryption type, you must follow the 7 with the
encrypted version of the password. If you specify the number 7, then enter a cleartext password, the
user will not have access to the line, interface, or the network they are trying to access, and you must
reconfigure the user’s authentication profile.
Authentication Method List Examples
This section shows some examples of authentication lists.
Authentication Method List Examples for Users Logging in to the Access Server
The following example creates a local authentication list for users logging in to any line on the access
server.
2511(config)# aaa authentication login default local
The following example specifies login authentication using RADIUS (the RADIUS daemon is
polled for authentication profiles):
2511(config)# aaa authentication login default radius
The following example specifies login authentication using TACACS+ (the TACACS+ daemon is
polled for authentication profiles):
2511(config)# aaa authentication login default tacacs+