
Aaa authentication login, The authentication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


AAA Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C


aaa authentication login

Use this command to create an ordered list of methods to use to authenticate user login,
or to replace an existing method list with the same name. Specify one or more of the
options local or group, in the order you want them to be applied. If the default method
list name is specified, it is applied to every console and VTY line immediately unless
another method list is applied to that line by the login authentication command. To
apply a non-default method list, you must also use the login authentication command.

Use the no variant of this command to remove an authentication method list for user
login. The specified method list name is deleted from the configuration. If the method list
name has been applied to any console or VTY line, user login authentication on that line
will fail.

Note that the no aaa authentication login default command does not remove the default
method list. This will return the default method list to its default state (local is the default).

Syntax

aaa authentication login {default|<list-name>} {[local] [group {radius|tacacs+|<group-name>}]}

no aaa authentication login {default|<list-name>}

Default

If the default server is not configured using this command, user login authentication uses
the local user database only.

If the default method list name is specified, it is applied to every console and VTY line
immediately unless a named method list server is applied to that line by the login
authentication command.

local is the default state for the default method list unless a named method list is applied
to that line by the login authentication command. Reset to the default method list using
the no aaa authentication login default command.

Mode

Global Configuration

Usage

When a user attempts to log in, the switch sends an authentication request to the first
authentication server in the method list. If the first server in the list is reachable and it
contains a username and password matching the authentication request, the user is
authenticated and the login succeeds. If the authentication server denies the
authentication request because of an incorrect username or password, the user login fails.
If the first server in the method list is unreachable, the switch sends the request to the next
server in the list, and so on.
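
The fallback rule described above, as an added Python model (not Allied Telesis code; the function names, the USERS list name and the sample credentials are assumptions made for the example). It shows that a denial from a reachable server is final, that the next method is tried only when a server is unreachable, and that a line whose named list was deleted rejects every login.

```python
# Added model of the method-list behaviour described above; not AlliedWare Plus code.
# All names and credentials are hypothetical, constructed for the example.
import hmac
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2
    UNREACHABLE = 3

def method(users, reachable=True):
    """One entry in a method list: local database or a server group stand-in."""
    def check(user, password):
        if not reachable:
            return Result.UNREACHABLE
        stored = users.get(user)
        ok = stored is not None and hmac.compare_digest(stored, password)
        return Result.ACCEPT if ok else Result.REJECT
    return check

def login(method_lists, applied_list, user, password):
    """Decide a login on a line; applied_list=None means the default list applies."""
    methods = method_lists.get(applied_list or "default")
    if methods is None:
        return False  # named list deleted while still applied: login on the line fails
    for check in methods:
        result = check(user, password)
        if result is not Result.UNREACHABLE:
            return result is Result.ACCEPT  # accept or deny is final, no fallback
    return False  # assumption: nothing reachable means the login is denied

# Constructed sample data.
RADIUS_USERS = {"alice": "radius-pw"}
LOCAL_USERS = {"alice": "local-pw"}

def lists(radius_up):
    """Model of a default list that tries group radius first, then local."""
    return {"default": [method(RADIUS_USERS, radius_up), method(LOCAL_USERS)]}

if __name__ == "__main__":
    print(login(lists(True), None, "alice", "radius-pw"))     # RADIUS accepts
    print(login(lists(True), None, "alice", "local-pw"))      # RADIUS denies, local not tried
    print(login(lists(False), None, "alice", "local-pw"))     # RADIUS down, local accepts
    print(login(lists(True), "USERS", "alice", "radius-pw"))  # list USERS does not exist
```

In this model the local password is accepted only while the RADIUS stand-in is unreachable, so local accounts kept as a fallback need the same password hygiene and review as the server-side accounts.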

Parameter        Description
default          Set the default authentication server for user login.
<list-name>      Name of authentication server.
local            Use the local username database.
group            Use server group.
radius           Use all RADIUS servers configured by the radius-server host command on page 47.6.
tacacs+          Use all TACACS+ servers configured by the tacacs-server host command.
<group-name>     Use the specified RADIUS server group, as configured by the aaa group server command.