beautypg.com

8 authentication securityip, 8 authentication securityip -70 – PLANET WGSW-52040 User Manual

Page 71

background image

1-70

Parameters:

line selects the login line, including console, vty (telnet and ssh) and web; method is the list of the authentication

method, it must be among local, tacacs and radius keywords; local uses the local database to authenticate; tacacs

uses the remote TACACS+ authentication server to authenticate; radius uses the remote RADIUS authentication

server to authenticate.

Default:

No configuration is enabled for the console login method by default. Local authentication is enabled for the VTY and

Web login method by default.

Command Mode:

Global Mode.

Usage Guide:

The authentication method for Console, VTY and Web login can be configured respectively. And authentication

method can be any one or combination of Local, RADIUS and TACACS. When login method is configuration in

combination, the preference goes from left to right. If the users have passed the authentication method,

authentication method of lower preferences will be ignored. To be mentioned, if the user receives corresponding

protocol’s answer whether refuse or incept, it will not attempt the next authentication method (Exception: if the local

authentication method failed, it will attempt the next authentication method); it will attempt the next authentication

method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS

configuration method can be used. And TACACS server should be configured before the TACACS configuration

method can be used.

The authentication line console login command is exclusive with the “login” command. The authentication line

console login command configures the switch to use the Console login method. And the login command makes the

Console login to use the passwords configured by the password command for authentication.

If local authentication is configured while no local users are configured, users will be able to login the switch via the

Console method.

Example:

Configure the telnet and ssh login with the remote RADIUS authentication.

Switch(config)#authentication line vty login radius

Relative Command: aaa enableradius-server authentication hosttacacs-server authentication host

tacacs-server key

1.2.8 authentication securityip

See also other documents in the category PLANET Routers: