Configuring Authentication
Cisco AS5300 Universal Access Server Software Configuration Guide
Authentication Method List Examples
This section shows some examples of authentication lists.
Authentication Method List Examples for Users Logging in to the Access Server
The following example creates a local authentication list for users logging in to any line on the access
server:
5300(config)# aaa authentication login default local
The following example specifies login authentication using RADIUS (the RADIUS daemon is
polled for authentication profiles):
5300(config)# aaa authentication login default radius
The following example specifies login authentication using TACACS+ (the TACACS+ daemon is
polled for authentication profiles):
5300(config)# aaa authentication login default tacacs+
Authentication List Examples for Dial-In Users Using ARA to Access Network Resources
The following example creates a local authentication list for Macintosh users dialing in to an
AppleTalk network through the access server:
5300(config)# aaa authentication arap default local
The following example specifies that Macintosh users dialing in to an AppleTalk network through
the access server be authenticated by a TACACS+ daemon:
5300(config)# aaa authentication arap default tacacs+
The following example creates an authentication method list that:
• Enables guest access if the guest has been authenticated at the EXEC facility
• Queries a TACACS+ daemon for authentication
• Polls the line (login) authentication password if the TACACS+ server has no information about
the user or if no TACACS+ server on the network responds
• Uses the local security database if there is no line password
5300(config)# aaa authentication arap default auth-guest tacacs+ line local
Authentication Method List Examples for Users Dialing In Using PPP
The following example creates a TACACS+ authentication list for users connecting to interfaces
configured for dial-in using PPP. The name of the list is marketing. This example specifies that a
remote TACACS+ daemon be used as the security database. If this security database is not available,
the Cisco IOS software then polls the RADIUS daemon. Because the list includes if-needed, users are
not authenticated again if they are already authenticated on a tty line.
5300(config)# aaa authentication ppp marketing if-needed tacacs+ radius
In this example, default can be substituted for marketing if the administrator wants this list to be
the default list.
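The method lists above are ordered, so a configuration review usually starts by extracting each list and reading its methods in sequence. The following script is an added example, not part of the Cisco guide: it parses three of the commands shown on this page and attaches review notes. The function names and the review heuristics are assumptions made for illustration.

```python
import re

# Commands copied from the examples on this page (prompt included).
SAMPLE = """\
5300(config)# aaa authentication login default tacacs+
5300(config)# aaa authentication arap default auth-guest tacacs+ line local
5300(config)# aaa authentication ppp marketing if-needed tacacs+ radius
"""

REMOTE = {"tacacs+", "radius"}           # methods that depend on a network daemon
MODIFIERS = {"if-needed", "auth-guest"}  # keywords that change behaviour, not data sources
LINE_RE = re.compile(r"aaa authentication (login|arap|ppp) (\S+) (.+)$")


def parse_method_lists(config_text):
    """Return one dict per 'aaa authentication' line: service, list name, ordered methods."""
    lists = []
    for raw in config_text.splitlines():
        m = LINE_RE.search(raw.strip())
        if m:
            service, name, rest = m.groups()
            lists.append({"service": service, "name": name, "methods": rest.split()})
    return lists


def review(entry):
    """Return review notes for one method list (heuristics assumed for this example)."""
    notes = []
    sources = [m for m in entry["methods"] if m not in MODIFIERS]
    if sources and all(m in REMOTE for m in sources):
        notes.append("remote-only: no local or line method if every daemon is unreachable")
    if "auth-guest" in entry["methods"]:
        notes.append("auth-guest: guest access allowed after EXEC authentication")
    if "if-needed" in entry["methods"]:
        notes.append("if-needed: users already authenticated on a tty line are not re-authenticated")
    return notes


if __name__ == "__main__":
    for entry in parse_method_lists(SAMPLE):
        print(entry["service"], entry["name"], "->", " then ".join(entry["methods"]))
        for note in review(entry):
            print("   review:", note)
```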