Installation manual
4-101
SIGNAMAX LLC • www.signamax.eu
Authentication Sequence
Three authentication methods can be specified to authenticate users logging into the
system for management access. The commands in this section can be used to define the
authentication method and sequence.
authentication login
This command defines the login authentication method and precedence. Use the no form
to restore the default.
Syntax
authentication login {[local] [radius] [tacacs]}
no authentication login
• local - Use local password.
• radius - Use RADIUS server password.
• tacacs - Use TACACS server password.
Default Setting
Local
Command Mode
Global Configuration
Command Usage
• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery,
while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts
only the password in the access-request packet from the client to the server, while
TACACS+ encrypts the entire body of the packet.
• RADIUS and TACACS+ logon authentication assigns a specific privilege level for
each user name and password pair. The user name, password, and privilege level
must be configured on the authentication server.
• You can specify three authentication methods in a single command to indicate the
authentication sequence. For example, if you enter “authentication login radius
tacacs local,” the user name and password on the RADIUS server is verified first.
If the RADIUS server is not available, then authentication is attempted on the
TACACS+ server. If the TACACS+ server is not available, the local user name and
password is checked.
Table 4-30 Authentication Sequence
Command Function Mode Page
authentication login Defines logon authentication method and precedence GC 4-101
authentication enable Defines the authentication method and precedence for
command mode change
GC 4-102