
aaa authentication enable default group tacacs+ – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual

Page 1238


AAA Commands

Software Reference for x310 Series Switches

45.16

AlliedWare Plus™ Operating System - Version 5.4.4C

C613-50046-01 REV A

aaa authentication enable default group tacacs+

This command enables AAA authentication to determine the privilege level a user can
access for passwords authenticated against the TACACS+ server.

Use the no variant of this command to disable privilege level authentication.

Syntax

aaa authentication enable default group tacacs+ [local] [none]

no aaa authentication enable default

Default

Local privilege level authentication is enabled by default (aaa authentication enable default local command).

Mode

Global Configuration

Usage

A user is configured on a TACACS+ server with a maximum privilege level. When they
enter the enable (Privileged Exec mode) command they are prompted for an enable
password which is authenticated against the TACACS+ server. If the password is correct
and the specified privilege level is equal to or less than the user's maximum privilege level,
then they are granted access to that level. If the user attempts to access a privilege level
that is higher than their maximum configured privilege level, then the authentication
session will fail and they will remain at their current privilege level.

If the TACACS+ server goes offline, or is not reachable during enable password
authentication, and command level authentication is configured as:

aaa authentication enable default group tacacs+
then the user is never granted access to Privileged Exec mode.

aaa authentication enable default group tacacs+ local
then the user is authenticated using the locally configured enable password, which if
entered correctly grants the user access to Privileged Exec mode. If no enable
password is locally configured (enable password command), then the enable
authentication will fail until the TACACS+ server becomes available again.

aaa authentication enable default group tacacs+ none
then the user is granted access to Privileged Exec mode with no authentication. This is
true even if a locally configured enable password is configured.

aaa authentication enable default group tacacs+ local none
then the user is authenticated using the locally configured enable password. If no
enable password is locally configured, then the enable authentication will grant
access to Privileged Exec mode with no authentication.

If the password for the user is not successfully authenticated by the server, then the user is
again prompted for an enable password when they enter enable via the CLI.

Parameter   Description

local       Use the locally configured enable password (enable password
            command) for authentication.

none        No authentication.

Note

If both local and none are specified, you must always specify local first.
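
Added example (not part of the Allied Telesis manual): a small Python audit that reads a saved configuration and reports what the enable command will do while the TACACS+ server is unreachable, following the four method-list cases in the Usage section. The function names, the sample configurations and the assumption that a local enable password appears as a line starting with "enable password" or "enable secret" are illustrative.

```python
import re

# Method list syntax from the page: "... group tacacs+ [local] [none]".
METHOD_LINE = re.compile(
    r"^aaa authentication enable default group tacacs\+((?:\s+(?:local|none))*)$")
# Assumption: a locally configured enable password shows up in the saved
# configuration as a line starting with one of these commands.
LOCAL_PW_PREFIXES = ("enable password ", "enable secret ")


def outage_outcome(config_text):
    """Result of 'enable' while the TACACS+ server is unreachable.

    Returns 'denied', 'local-password', 'open' (no authentication),
    'invalid' (not a method list the syntax allows, e.g. none before
    local) or 'no-tacacs-method-list'.
    """
    methods, has_local_pw = None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        match = METHOD_LINE.match(line)
        if match:
            methods = match.group(1).split()
        elif line.startswith(LOCAL_PW_PREFIXES):
            has_local_pw = True
    if methods is None:
        return "no-tacacs-method-list"
    if methods not in ([], ["local"], ["none"], ["local", "none"]):
        return "invalid"
    if methods and methods[0] == "local" and has_local_pw:
        return "local-password"
    # No usable local password: the outcome depends on a trailing 'none'.
    return "open" if "none" in methods else "denied"


def is_fail_open(config_text):
    """True when a TACACS+ outage yields Privileged Exec without a password."""
    return outage_outcome(config_text) == "open"


# Constructed sample configurations (not taken from a real device).
SAMPLES = {
    "tacacs only": "aaa authentication enable default group tacacs+\n",
    "local, password set": "enable password <placeholder>\n"
                           "aaa authentication enable default group tacacs+ local\n",
    "local none, no password": "aaa authentication enable default group tacacs+ local none\n",
    "none, password set": "enable password <placeholder>\n"
                          "aaa authentication enable default group tacacs+ none\n",
}
```

A result of open means that losing contact with the TACACS+ server is enough to reach Privileged Exec mode without a password, so configurations that return it are the ones to review first.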