Preface
- Text Conventions
- Platform-Dependent Conventions
- Providing Feedback to Us
- Getting Help
- Documentation and Training
About This Guide
- ABOUT THIS GUIDE
  - Notational Conventions
Introduction
- WiNG CLI Structure
User Exec Mode Commands
- USER EXEC MODE COMMANDS
  - user-exec-commands
Privileged Exec Mode Commands
- PRIVILEGED EXEC MODE COMMANDS
  - privileged-exec-commands
Global Configuration Mode Commands
- GLOBAL CONFIGURATION COMMANDS
  - global-config-commands
Common Commands
- COMMON COMMANDS
  - common-commands
    - clrscr
    - commit
    - exit
    - help
    - no
    - revert
    - service
    - show
    - write
Show Commands
- SHOW COMMANDS
  - show-commands
    - show
    - adoption
    - bluetooth
    - boot
    - bonjour
    - captive-portal
    - captive-portal-page-upload (show commands)
    - cdp
    - classify-url
    - clock
    - cluster
    - cmp-factory-certs
    - commands
    - context
    - critical-resources
    - crypto
    - database
    - device-upgrade
    - dot1x
    - dpi
    - environmental-sensor
    - event-history
    - event-system-policy
    - ex3500
    - extdev
    - fabric-attach
    - file
    - file-sync
    - firewall
    - global
    - gps (show command)
    - gre
    - guest-registration
    - interface
    - iot-device-type-imagotag
    - ip
    - ip-access-list-stats
    - ipv6
    - ipv6-access-list
    - l2tpv3
    - lacp
    - ldap-agent
    - licenses
    - lldp
    - logging
    - mac-access-list-stats
    - mac-address-table
    - macauth
    - mac-auth-clients
    - mint
    - ntp
    - password-encryption
    - pppoe-client
    - privilege
    - radius
    - reload
    - rf-domain-manager
    - role
    - route-maps
    - rtls
    - running-config
    - session-changes
    - session-config
    - sessions
    - site-config-diff
    - smart-rf
    - snmpv3 (show command)
    - spanning-tree
    - startup-config
    - t5
    - terminal
    - timezone
    - traffic-shape
    - tron (show command)
    - upgrade-status
    - version
    - vrrp
    - virtual-machine
    - wireless
    - web-filter
    - what
    - wwan
Profile Commands
- PROFILES
AAA Policy
- AAA-POLICY
  - aaa-policy-commands
Auto-Provisioning Policy
- AUTO-PROVISIONING-POLICY
  - auto-provisioning-policy-commands
Association-ACL Policy
- ASSOCIATION-ACL-POLICY
  - Association-acl-policy-commands
    - deny
    - permit
    - no
Access-List Policy
- ACCESS-LIST
DHCP Policy
- DHCP-SERVER-POLICY
  - dhcp-server-policy commands
  - dhcpv6-server-policy commands
Firewall Policy
- FIREWALL-POLICY
  - firewall-policy-commands
    - acl-logging
    - alg
    - clamp
    - dhcp-offer-convert
    - dns-snoop
    - firewall
    - flow
    - ip
    - ip-mac
    - ipv6
    - ipv6-mac
    - logging
    - proxy-arp
    - proxy-nd
    - stateful-packet-inspection-12
    - storm-control
    - virtual-defragmentation
    - no
MiNT Policy
- MINT-POLICY
  - mint-policy-commands
    - level
    - lsp
    - mtu
    - router
    - udp
    - no
Management Policy
- MANAGEMENT-POLICY
  - management-policy-commands
RADIUS Policy
- RADIUS-POLICY
  - radius-group
    - guest
    - policy
    - rate-limit
    - no
  - radius-server-policy
    - authentication
    - bypass
    - chase-referral
    - crl-check
    - ldap-agent
    - ldap-group-verification
    - ldap-server
    - local
    - nas
    - proxy
    - session-resumption
    - termination
    - use
    - no
  - radius-user-pool-policy
    - duration
    - user
    - no
Radio QoS Policy
- RADIO-QOS-POLICY
  - radio-qos-policy-commands
Role Policy
- ROLE-POLICY
  - role-policy-commands
Smart-RF Policy
- SMART-RF-POLICY
  - smart-rf-policy commands
WIPS Policy
- WIPS-POLICY
  - wips-policy-commands
WLAN QoS Policy
- WLAN-QOS-POLICY
  - WLAN-QOS-Policy commands
L2TPv3 Policy
- L2TPV3-POLICY
Router Mode Commands
- ROUTER-MODE
  - router-mode-commands
Routing Policy
- ROUTING-POLICY
  - routing-policy-commands
AAA_TACACS Policy
- AAA-TACACS-POLICY
  - aaa-tacacs-policy-commands
Meshpoint Policy
- MESHPOINT
Passpoint Policy
- PASSPOINT POLICY
  - passpoint-policy
Crypto-CMP Policy
- CRYPTO-CMP-POLICY
  - crypto-cmp-policy-instance
  - other-cmp-related-commands
    - use (other-cmp-related-commands)
    - show (other-cmp-related-commands)
Roaming-Assist Policy
- ROAMING ASSIST POLICY
  - roaming-assist-policy commands
Border Gateway Policy
- BORDER GATEWAY PROTOCOL
Controller Managed WLAN Use Case
- CREATING A FIRST CONTROLLER MANAGED WLAN

aaa-login

Configures AAA (Authentication, Authorization and Accounting) modes used with this management policy

Supported in the following platforms:

Access Points — AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP7632, AP7662, AP8163, AP8432, AP8533
Wireless Controller — RFS4010
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

aaa-login [local|radius|tacacs]

aaa-login local

aaa-login radius [external|fallback|policy]

aaa-login radius [external|fallback|policy <AAA-POLICY-NAME>]

aaa-login tacacs [accounting|authentication|authorization|fallback|policy <AAA-TACACS-POLICY-NAME>]

Parameters

aaa-login local

local

Sets local as the preferred authentication mode. Local authentication uses the local username database to authenticate a user.

aaa-login radius [external|fallback|policy <AAA-POLICY-NAME>]

radius	Configures the RADIUS server parameters Note: If local authentication is disabled, use this command to specify if the RADIUS server used is external, fallback, or specified by a AAA policy.
external	Configures external RADIUS server as the preferred authentication server
fallback	Configures RADIUS server authentication as the primary authentication mode. When RADIUS server authentication fails, the system uses local authentication. This command configures local authentication as a backup mode.
policy <AAA-POLICY-NAME>	Associates a specified AAA policy with this management policy. The AAA policy determines if a client is granted access to the network. <AAA-POLICY-NAME> – Specify the AAA policy name (should be existing and configured). Note: For more information on configuring AAA policy, see AAA-POLICY.

aaa-login tacacs [accounting|authentication|authorization|fallback|policy <AAA-TACACS-POLICY-NAME>]

tacacs	Configures TACACS (Terminal Access Control Access-Control System) server parameters
accounting	Configures TACACS accounting
authentication	Configures TACACS authentication
authorization	Configures TACACS authorization
fallback	Configures TACACS as the primary authentication mode. When TACACS authentication fails, the system uses local authentication. This command configures local authentication as a backup mode.
policy <AAA-TACACS-POLICY- NAME>	Associates a specified AAA TACACS policy with this management policy <AAA-TACACS-POLICY-NAME> – Specify the TACACS policy name (should be existing and configured). Note: For more information on configuring AAA TACACS policy, see AAA-TACACS-POLICY.

Usage Guidelines

Use AAA login to determine whether management user authentication must be performed against a local user database or an external RADIUS server.

Examples

rfs4000-6DB5D4(config-management-policy-test)#aaa-login radius policy test

rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 http server
 no ssh
 aaa-login radius policy test
rfs4000-6DB5D4(config-management-policy-test)#

Related Commands

no	Removes the TACACS server policy settings

Published June 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback