beautypg.com

ADTRAN 5000 Series User Manual

Page 290

background image

Command Reference Guide

Global Configuration Mode Command Set

61200990L1-35E

Copyright © 2005 ADTRAN

290

aaa authentication login [ | default] [none | line | enable |

local | group | group radius | group tacacs+]

Use the aaa authentication login command to create (or change) a named list with the ability to have a
chain of fallback authentication methods for user authentication. Available methods for the fallback
authentication methods are: no authentication (which grants login access without authentication), line
password, enable password, local database, and defined group of servers. The defined server groups may
be TACACS+ or RADIUS servers. For more detailed information on AAA functionality, refer to the
Technology Review section of the command aaa on

on page 296

.

Syntax Description

Specifies a named login list.

default

Specifies the default list used to authenticate users when no other list is assigned.

none

Access automatically granted.

line

Uses line password (Telnet 0-4 or console 0-1) for authentication.

enable

Uses enable password for authentication.

local

Uses local user database for authentication.

group

Uses specified group of remote servers for authentication.

group radius

Uses defined RADIUS servers for authentication.

group tacacs+

Uses defined TACACS+ servers for authentication.

Default Values

The login list named default is the default list used to authenticate users when no other list is assigned.

Applicable Platforms

This command applies to the NetVanta 300, 1000, 1000R, 2000, 3000, 4000, and 5000 and
Total Access 900 Series units.

Command History

Release 5.1

Command was introduced.

Release 11.

The group tacacs+ command was added.

Functional Notes

A user is authenticated by trying the list of methods from first to last until authentication succeeds or fails. If
a method does not succeed or fail, the next method is tried. The local user database method falls through
to the next method if the username does not appear in the database. The group method falls through if the
servers in the remote group cannot be found. Refer to the command

radius-server

on page 436

or

tacacs-server

on page 466

for information on defining server groups.

See also other documents in the category ADTRAN Hardware: