Specifications
3-469
Cisco Wide Area Application Services Command Reference
OL-21611-01
Chapter 3 CLI Commands
(config) authentication login
To enable authentication privileges using the local, TACACS+, RADIUS, or Windows databases, and to
specify the order of the administrative login authentication, use the authentication login global
configuration command. In the following example, RADIUS is specified as the primary method,
TACACS+ as the secondary method, Windows as the third method, and the local database as the fourth
method. In this example, four login authentication methods are specified because the failover
server-unreachable feature is not enabled on the WAAS device.
WAE(config)# authentication login radius enable primary
WAE(config)# authentication login tacacs enable secondary
WAE(config)# authentication login windows-domain enable tertiary
WAE(config)# authentication login local enable quaternary
Note If you enable the failover server unreachable feature on the WAAS device, make sure that you
specify either TACACS+ or RADIUS as the primary scheme for authentication, and specify
local as the secondary scheme for authentication.
To enable authorization privileges using the local, TACACS+, RADIUS, or Windows databases, and to
specify the order of the administrative login authorization (configuration), use the authentication
configuration global configuration command.
Note Authorization privileges apply to console and Telnet connection attempts, secure FTP (SFTP)
sessions, and Secure Shell (SSH, Version 1 and Version 2) sessions.
We strongly recommend that you set the administrative login authentication and authorization
methods in the same order. For example, configure the WAAS device to use RADIUS as the
primary login method, TACACS+ as the secondary login method, Windows as the tertiary
method, and the local method as the quaternary method for both administrative login
authentication and authorization.
The following example shows that RADIUS is specified as the primary method, TACACS+ as the
secondary method, Windows as the third method, and the local database as the fourth method. In this
example, four login authorization (configuration) methods are specified because the failover
server-unreachable feature is not enabled on the WAAS device.
WAE(config)# authentication configuration radius enable primary
WAE(config)# authentication configuration tacacs enable secondary
WAE(config)# authentication configuration windows-domain enable tertiary
WAE(config)# authentication configuration local enable quaternary
Note If you enable the failover server unreachable feature on the WAAS device, make sure that you
specify either TACACS+ or RADIUS as the primary scheme for authorization (configuration),
and specify local as the secondary scheme for authorization (configuration).
The following example shows the resulting output of the show authentication command:
WAE# show authentication user
Login Authentication: Console/Telnet/Ftp/SSH Session
----------------------------- ------------------------------
local enabled (primary)
Windows domain enabled
Radius disabled
Tacacs+ disabled