User's Manual
89
Enabling Password Protection at the Privileged Level
Use the aaa authentication enable default command to create a series of authentication methods that are used
to determine whether a user can access the privileged EXEC command level. You can specify up to four
authentication methods. The additional methods of authentication are used only if the previous method returns
an error, not if it fails. To specify that the authentication should succeed even if all methods return an error,
specify none as the final method in the command line. Use the following command in global configuration
mode:
Command Purpose
aaa authentication enable default
method1
[method2...]
Enables user ID and password checking for
users requesting privileged EXEC level.
The method argument refers to the actual list of methods the authentication algorithm tries, in the sequence
entered.
The following table lists the supported enable authentication methods:
Keyword Notes
enable Uses the enable password for authentication.
group group-name Uses named server group for authentication.
group radius Uses RADIUS authentication.
group tacacs+ Uses tacacs+ for authentication.
line Uses the line password for authentication.
none Passes the authentication unconditionally.
When configuring enable authentication method as the remote authentication, use RADIUS for authentication.
Do as follows:
(5) Uses RADIUS for enable authentication:
The user name for authentication is $ENABLElevel$; level is the privileged level the user
enters, that is, the number of the privileged level after enable command. For instance, if the
user wants to enter the privileged level 7, enter command enable 7; if configuring RADIUS
for authentication, the user name presenting to Radius-server host is $ENABLE7$; the
privileged level of enable is 15 by default, that is, the user name presenting to Radius-server
host in using RADIUS for authentication is $ENABLE15$. The user name and the password
need to configured on Radius-server host in advance. The point is that in user database of
Radius-server host, the Service-Type of the user specifying the privileged authentication is
6, that is, Admin-User.