Reference Guide
Methods configured with the aaa authentication enable command are
evaluated in the order they are configured. If authentication fails using the primary
method, the system employs the second method (or third method, if necessary)
automatically. For example, if the TACACS+ server is reachable, but the server key
is invalid, the system proceeds to the next authentication method. The TACACS+ is
incorrect, but the user is still authenticated by the secondary method.
Related
Commands
enable password — changes the password for the enable command.
login authentication — enables AAA login authentication on the terminal lines.
password — creates a password.
radius-server host — specifies a RADIUS server host.
tacacs-server host — specifies a TACACS+ server host.
aaa authentication login
Configure AAA Authentication method lists for user access to EXEC mode (Enable log-in).
C9000 Series
Syntax
aaa authentication login {method-list-name | default} method
[... method4]
To return to the default setting, use the no aaa authentication login
{method-list-name | default} command.
Parameters
method-list-name Enter a text string (up to 16 characters long) as the name of
a user-configured method list that can be applied to
different lines.
default Enter the keyword default to specify that the method list
specified is the default method for all terminal lines.
method Enter one of the following methods:
• enable: use the password the enable password
command defines in CONFIGURATION mode. Not
available if role-only is in use.
• line: use the password the password command
defines in LINE mode. Not available if role-only is in use.
• local: use the password for the userid contained in the
local password database.
• none: no authentication. Not available if role-only is in
use.
• radius: use the RADIUS servers configured with the
radius-server host command.
Security
1813