aaa-login

Configures AAA (Authentication, Authorization and Accounting) modes used with this management policy

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

aaa-login [local|radius|tacacs]
aaa-login local
aaa-login radius [external|fallback|policy]
aaa-login radius [external|fallback|policy <AAA-POLICY-NAME>]
aaa-login tacacs [accounting|authentication|authorization|fallback|policy <AAA-TACACS-POLICY-NAME>]

Parameters

aaa-login local

local

Sets local as the preferred authentication mode. Local authentication uses the local username database to authenticate a user.

aaa-login radius [external|fallback|policy <AAA-POLICY-NAME>]

radius

Configures the RADIUS server parameters

Note: If local authentication is disabled, use this command to specify if the RADIUS server used is external, fallback, or specified by a AAA policy.

external

Configures external RADIUS server as the preferred authentication server

fallback

Configures RADIUS server authentication as the primary authentication mode. When RADIUS server authentication fails, the system uses local authentication. This command configures local authentication as a backup mode.

policy <AAA-POLICY-NAME>

Associates a specified AAA policy with this management policy. The AAA policy determines if a client is granted access to the network.
  • <AAA-POLICY-NAME> – Specify the AAA policy name (should be existing and configured).
Note: For more information on configuring AAA policy, see AAA Policy.
aaa-login tacacs [accounting|authentication|authorization|fallback|policy <AAA-TACACS-POLICY-NAME>]

tacacs

Configures TACACS (Terminal Access Control Access-Control System) server parameters

accounting

Configures TACACS accounting

authentication

Configures TACACS authentication

authorization

Configures TACACS authorization

fallback

Configures TACACS as the primary authentication mode. When TACACS authentication fails, the system uses local authentication. This command configures local authentication as a backup mode.

policy <AAA-TACACS-POLICY- NAME>

Associates a specified AAA TACACS policy with this management policy
  • <AAA-TACACS-POLICY-NAME> – Specify the TACACS policy name (should be existing and configured).

Note: For more information on configuring AAA TACACS policy, see AAA-TACACS Policy.

Usage Guidelines

Use AAA login to determine whether management user authentication must be performed against a local user database or an external RADIUS server.

Examples

rfs4000-6DB5D4(config-management-policy-test)#aaa-login radius policy test
rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 http server
 no ssh
 aaa-login radius policy test
rfs4000-6DB5D4(config-management-policy-test)#

Related Commands

no

Removes the TACACS server policy settings