Command:

aaa authentication enable default


Mode:

Router(config)#


Syntax:

aaa authentication enable default method1 [method2...]

no aaa authentication enable default method1 [method2...]


Syntax Description:

method    At least one of the keywords described in the table below.

 

Command Description:

 

To enable AAA authentication to determine if a user can access the privileged command level, use the aaa authentication enable default global configuration command. Use the no form of this command to disable this authentication method.

 

Usage Guidelines

Use the aaa authentication enable default command to create a series of authentication methods that are used to determine whether a user can access the privileged command level. Method keywords are described in the table below. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.

If a default authentication routine is not set for a function, the default is none and no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.

Table: aaa authentication enable Default Methods

Keyword            Description
enable             Uses the enable password for authentication.
line               Uses the line password for authentication.
none               Uses no authentication.
group tacacs+      Uses the list of all TACACS+ servers to provide authentication services.
group radius       Uses the list of all RADIUS servers to provide authentication services.
group group-name   Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the server group group-name.

 

Example:

The following example creates an authentication list that first tries to contact a TACACS+ server. If no server can be found, AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.

Router(config)#aaa authentication enable default group tacacs+ enable none
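
The fallback rule behind this example, modeled as an added Python example (not Cisco code and not part of the original page): it parses the method list, walks it so that only an error moves on to the next method, and flags lists that can grant privileged access with no credential. The function names and the pass/fail/error outcome values are assumptions made for the illustration.

```python
# Added example (not Cisco code): models how the enable method list is walked.
PASS, FAIL, ERROR = "pass", "fail", "error"
PREFIX = "aaa authentication enable default"

def parse_methods(line):
    """Return the ordered method list from a config line (CLI prompt allowed)."""
    text = " ".join(line.split("#", 1)[-1].split())
    if not text.startswith(PREFIX + " "):
        raise ValueError("not an 'aaa authentication enable default' line")
    tokens = text[len(PREFIX):].split()
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group":          # 'group' takes one argument
            if i + 1 == len(tokens):
                raise ValueError("'group' needs tacacs+, radius or a group name")
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def evaluate(methods, outcomes):
    """Return (access_granted, deciding_method).

    outcomes maps each method to PASS, FAIL or ERROR (constructed conditions).
    Only ERROR moves on to the next method; PASS and FAIL are both final.
    """
    for method in methods:
        if method == "none":
            return True, "none"            # no authentication performed
        result = outcomes[method]
        if result != ERROR:
            return result == PASS, method
    return False, None                     # every method errored, no 'none'

def audit(methods):
    """Flag method lists that can grant enable access without a credential."""
    findings = []
    if "none" in methods:
        findings.append("'none' grants privileged access with no authentication "
                        "once every earlier method returns an error")
        if methods[-1] != "none":
            findings.append("methods after 'none' are never reached")
    return findings

if __name__ == "__main__":
    # Constructed scenario: the line from the example above, server unreachable.
    line = "Router(config)#aaa authentication enable default group tacacs+ enable none"
    methods = parse_methods(line)
    print(methods, evaluate(methods, {"group tacacs+": ERROR, "enable": ERROR}))
    print(audit(methods))
```

A wrong password at the TACACS+ server is a fail, so the walk stops there and the enable password is never consulted; the trailing none only matters when every earlier method returns an error.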


Misconceptions:

 

Misconception: the additional methods of authentication are used if the previous method fails. They are used only if the previous method returns an error.


Related Commands:

 

aaa authorization

 

aaa new-model

 

enable password

 


© Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education
