Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentAS5800
161162163164165166167168169170
Table Of Contents
4-32
Cisco AS5800 Operations, Administration, Maintenance, and Provisioning Guide
DOC-7810814=
Chapter 4 Administration
Access Service Security
If authentication fails using the first method listed, the Cisco IOS software does not permit access. It
does not attempt to authenticate using the subsequent security methods if the user entered the incorrect
password.
Populate the Local Username Database if Necessary
If you specify local as the security method, you must specify username profiles for each user who might
log in. An example of specifying local authentication is as follows:
5800-1(config)# aaa authentication login deveng local
This command specifies that anytime a user attempts to log in to a line on an Cisco AS5800, the
Cisco IOS software checks the username database. To create a local username database, define username
profiles using the username global configuration command.
The following example shows how to use the username command and password:
5800-1(config)# username username password password
The show running-config command shows the encrypted version of the password, as follows:
5800-1# show running-config
Building configuration...
Current configuration:
!
version x AA
! most of config omitted
username xxx password 7 0215055500070C294D
Note The Cisco IOS software adds the encryption type of 7 automatically for passwords. If you
were to manually enter the number 7 to represent an encryption type, you must follow the
7 with the encrypted version of the password. If you specify the number 7, enter a cleartext
password, the user will not have access to the line, interface, or the network the user is
trying to access, and you must reconfigure the users authentication profile.
Authentication Method List Examples
This section includes authentication method list examples for:
Users Logging In to the Cisco AS5800
Users Dialing In Using PPP
Users Logging In to the Cisco AS5800
The following example creates a local authentication list for users logging in to any line on the
Cisco AS5800:
5800-1(config)# aaa authentication login default local
The following example specifies login authentication using RADIUS (the RADIUS daemon is polled for
authentication profiles):
5800-1(config)# aaa authentication login default radius
The following example specifies login authentication using TACACS+ (the TACACS+ daemon is
polled for authentication profiles):
5800-1(config)# aaa authentication login default tacacs+