Configures the AAA login sequence.
The default server is Local.
Global configuration mode
This command selects the order of authentication sources to be used for user authentication during the login process. Two sources are supported: primary and secondary. The secondary source of authentication is optional and will be used if the primary source fails or is not available.
The authentication mode can only be set and cannot be added or deleted. For example, to change a configuration from "radius local" to radius only, execute the no aaa authentication login command to resets the configuration to the default mode, and then reconfigure the AAA mode with the desired setting.
In a configuration with primary and secondary sources of authentication, the primary mode cannot be modified alone. For example, you cannot change from “radius local" or "radius local-auth-fallback” to “tacacs+ local" or "tacacs+ local-auth-fallback” respectively. First remove the existing configuration and then configure it to the required configuration.
To change the AAA server to TACACS+ using the local device database as a secondary source of authentication:
device(config)# aaa authentication login tacacs+ local Broadcast message from root (pts/0) Tue Apr 5 16:34:12 2011...
To change the AAA server from TACACS+ and local to TACACS+ only (no secondary source):
device(config)# no aaa authentication login tacacs+ local device(config)# aaa authentication login tacacs+ device(config)# do show running-config aaa aaa authentication login tacacs+