Command Line Reference Guide
Version Description
7.5.1.0 Introduced on the C-Series.
6.2.1.0 Introduced on the E-Series.
Usage
Information
By default, the locally configured username password is used. If you configure aaa
authentication login default
, the system uses the methods this command
defines for login instead.
Methods configured with the aaa authentication login command are
evaluated in the order they are configured. If users encounter an error with the first
method listed, the system applies the next method configured. If users fail the first
method listed, no other methods are applied. The only exception is the local
method. If the user’s name is not listed in the local database, the next method is
applied. If the correct user name/password combination is not entered, the user is
not allowed access to the switch.
NOTE: If authentication fails using the primary method, the system employs
the second method (or third method, if necessary) automatically. For example,
if the TACACS+ server is reachable, but the server key is invalid, the system
proceeds to the next authentication method. The TACACS+ is incorrect, but
the user is still authenticated by the secondary method.
After configuring the aaa authentication login command, configure the
login authentication command to enable the authentication scheme on
terminal lines.
Connections to the SSH server work with the following login mechanisms: local,
radius, and tacacs.
Related
Commands
login authentication — enables AAA login authentication on the terminal lines.
password — creates a password.
radius-server host — specifies a RADIUS server host.
tacacs-server host — specifies a TACACS+ server host.
access-class
Restrict incoming connections to a particular IP address in a defined IP access control list (ACL).
Z9500
Syntax
access-class access-list-name
To delete a setting, use the no access-class command.
Parameters
access-list-
name
Enter the name of an established IP Standard ACL.
Security
1459