aaa authentication login

Use this command to set authentication at login. The default and optional list names created with the command are used with the aaa authentication login command. Create a list by entering the aaa authentication login list-name method command, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.

The additional methods of authentication are used only if the previous method returns an error, not if there is an authentication failure. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line. For example, if none is specified as an authentication method after radius, no authentication is used if the RADIUS (Remote Authentication Dial In User Service) server is down.

  • defaultList. Used by the console and only contains the method none.
  • networkList. Used by Telnet and SSH and only contains the method local.
Format aaa authentication login {default | list-name} method1 [method2...]
Mode Global Config
Parameter Definition
default Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
list-namev Character string of up to 15 characters used to name the list of authentication methods activated when a user logs in.
method1... [method2...] At least one from the following:
  • enable: Uses the enable password for authentication.
  • line: Uses the line password for authentication.
  • local: Uses the local username database for authentication.
  • none: Uses no authentication.
  • radius: Uses the list of all RADIUS servers for authentication.
  • tacacs: Uses the list of all TACACS servers for authentication.

The following shows an example of the command:

(Extreme 220) (Config) # aaa authentication login default radius local enable none