To configure the default authentication, authorization, and accounting (AAA) authentication methods, use the aaa authentication login default command. To revert to the default, use the no form of this command.
aaa authentication login default { group group-list } [ none ] | local | none }
no aaa authentication login default { group group-list } [ none ] | local | none }
|
group
|
Specifies that a server group be used for authentication.
|
|
group-list
|
Space-separated list of RADIUS or TACACS+ server groups that can include the following:
|
|
none
|
(Optional) Specifies that the username be used for authentication.
|
|
local
|
(Optional) Specifies that the local database be used for authentication.
|
The local database
Global configuration mode
|
Release
|
Modification
|
|
4.0(0)N1(1a)
|
This command was introduced.
|
The group radius, group tacacs+ , and group group-list methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius-server host or tacacs-server host command to configure the host servers. Use the aaa group server command to create a named group of servers.
If you specify the group method or local method and they fail, then the authentication fails. If you specify the none method alone or after the group method, then the authentication always succeeds.
This example shows how to configure the AAA authentication console login method:
This example shows how to revert to the default AAA authentication console login method:
|
Command
|
Description
|
|---|---|
|
aaa group server
|
Configures AAA server groups.
|
|
radius-server host
|
Configures RADIUS servers.
|
|
show aaa authentication
|
Displays AAA authentication information.
|
|
tacacs-server host
|
Configures TACACS+ servers.
|