Command:

aaa authentication nasi


Mode:

Router(config)#


Syntax:

aaa authentication nasi {default  | list-name} method1 [method2...]

no aaa authentication nasi {default  | list-name} method1 [method2...]


Syntax Description:

default

Makes the listed authentication methods that follow this argument the default list of methods used when a user logs in.

list-name 

Character string used to name the following list of authentication methods activated when a user logs in.

method1  [method2...]

At least one of the methods described in the table below.

 


Command Description:

 

To specify AAA authentication for Netware Asynchronous Services Interface (NASI) clients connecting through the access server, use the aaa authentication nasi global configuration command. Use the no form of this command to disable authentication for NASI clients.

Usage Guidelines

The default and optional list names created with the aaa authentication nasi command are used with the nasi authentication command. 

Create a list by entering the aaa authentication nasi command, where list-name is any character string that names the list (such as MIS-access). The method argument identifies the list of methods the authentication algorithm tries in the given sequence. Method keywords are described in table below.

To create a default list that is used if no list is assigned to a line with the nasi authentication command, use the default argument followed by the methods that are desired in default situations.

The remaining methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

If authentication is not specifically set for a line, the default is to deny access and no authentication is performed. Use the show running-config command to display currently configured lists of authentication methods.

Table: aaa authentication nasi Methods

Keyword

Description

enable

Uses the enable password for authentication.

local-case

Uses case-sensitive local username authentication.

line

Uses the line password for authentication.

local

Uses the local username database for authentication.

none

Uses no authentication.

group | group-name

Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the server group group-name.

group radius

Uses the list of all RADIUS to provide authentication service.

group tacacs+

Uses the list of all TACACS+ to provide authentication services.

This command cannot be used with TACACS or extended TACACS.


Examples:

The following example creates an AAA authentication list called list1. This authentication first tries to contact a TACACS+ server. If no server is found, TACACS+ returns an error and AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.

 

Router(config)#aaa authentication nasi list1 group tacacs+ enable none
 
The following example creates the same list, but sets it as the default list that is used for all login authentications if no other list is specified:

 

Router(config)#aaa authentication nasi default group tacacs+ enable none


Misconceptions:

 

None


Related Commands:

 

None


� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)