Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipment5428 - SN Router
121122123124125126127128129130
9-16
Cisco SN 5428-2 Storage Router Software Configuration Guide
78-15471-01
Chapter 9 Configuring Authentication
Creating AAA Authentication Lists
Enable authentication
Use the commands in the following procedure to build a default list of AAA authentication services to
be used for Enable authentication. Building the default list completes the configuration of Enable
authentication and makes it immediately effective.
Because the enable command requires you to enter a password but does not allow you to enter a user
name, Enable authentication passes a fixed user name of $enab15$, along with the password you entered,
to a RADIUS or TACACS+ server for authentication purposes.
Note Local and local-case services cannot be used for Enable authentication.
Login authentication
Use the commands in the following procedure to build a default list of AAA authentication services to
be used for Login authentication. Building the default list completes the configuration of Login
authentication and makes it immediately effective.
Command Description
Step 1
enable Enter Administrator mode.
Step 2
aaa authentication enable
default group sysadmin enable
Create a default list of authentication services for Enable
authentication.
For example, create a list so that AAA first tries to perform
authentication using the TACACS+ servers in the group named
sysadmin. If no TACACS+ server is found, TACACS+ returns an
error and AAA attempts authentication using the configured
Administrator mode password. If the password you entered does
not match the configured Administrator mode password,
authentication fails and no other methods are attempted.
Command Description
Step 1
enable Enter Administrator mode.
Step 2
aaa authentication login default
group sysadmin monitor
Create a default list of authentication services for Login
authentication.
For example, create a list so that AAA first tries to perform
authentication using the TACACS+ servers in the group named
sysadmin. If no TACACS+ server is found, TACACS+ returns an
error and AAA attempts authentication using the configured
Monitor mode password (eliminating authentication of the user
name). If the password you entered does not match the configured
Monitor mode password, authentication fails and no other methods
are attempted.