Dell Command Line Reference Guide for the S4048–ON System 9.14.2.8

PDF

aaa authentication login

Configure AAA Authentication method lists for user access to EXEC mode (Enable log-in).

Syntax
aaa authentication login {method-list-name | default} method [... method4]

To return to the default setting, use the no aaa authentication login {method-list-name | default} command.

Parameters
method-list-name
Enter a text string (up to 16 characters long) as the name of a user-configured method list that can be applied to different lines.
default
Enter the keyword default to specify that the method list specified is the default method for all terminal lines.
method
Enter one of the following methods:
  • enable: use the password the enable password command defines in CONFIGURATION mode. Not available if role-only is in use.
  • line: use the password the password command defines in LINE mode. Not available if role-only is in use.
  • local: use the password for the userid contained in the local password database.

  • none: no authentication. Not available if role-only is in use.
  • radius: use the RADIUS servers configured with the radius-server host command.
  • tacacs+: use the TACACS+ servers configured with the tacacs-server host command.
... method4
(OPTIONAL) Enter up to four additional methods. In the event of a “no response” from the first method, the system applies the next configured method (up to four configured methods).
Defaults
Not configured (that is, no authentication is performed).
Command Modes
CONFIGURATION
Command History

This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC Networking OS Command Line Reference Guide.

Version
Description
9.11(0.0)
Included a prompt to force the users to re-authenticate, when re-authentication is enabled.
9.10(0.1)
Introduced on the S6010-ON and S4048T-ON.
9.10(0.0)
Introduced on the S3148.
9.10(0.0)
Introduced on the S6100-ON.
9.8(2.0
Introduced on the S3100 series.
9.8(1.0)
Introduced on the Z9100-ON.
9.8(0.0P5)
Introduced on the S4048-ON.
9.8(0.0P2)
Introduced on the S3048-ON.
9.7(0.0)
Introduced on the S6000–ON.
9.5(0.1)
Added support for roles Z9500.
9.5(0.0)
Added support for roles on the Z9000, S6000, S4820T, S4810, MXL
9.2(1.0)
Introduced on the Z9500.
9.0.2.0
Introduced on the S6000.
8.3.19.0
Introduced on the S4820T.
8.3.11.1
Introduced on the Z9000.
8.3.7.0
Introduced on the S4810.
7.6.1.0
Introduced on the S-Series.
7.5.1.0
Introduced on the C-Series.
pre-6.2.1.0
Introduced on the E-Series.
Usage Information

By default, the locally configured username password is used. If you configure aaa authentication login default, Dell EMC Networking OS uses the methods this command defines for login instead.

Methods configured with the aaa authentication login command are evaluated in the order they are configured. If users encounter an error with the first method listed, Dell EMC Networking OS applies the next method configured. If users fail the first method listed, no other methods are applied. The only exception is the local method. If the user’s name is not listed in the local database, the next method is applied. If the correct user name/password combination is not entered, the user is not allowed access to the switch.

NOTE: If authentication fails using the primary method, Dell EMC Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell EMC Networking OS proceeds to the next authentication method. The TACACS+ is incorrect, but the user is still authenticated by the secondary method.

After configuring the aaa authentication login command, configure the login authentication command to enable the authentication scheme on terminal lines.

Connections to the SSH server work with the following login mechanisms: local, radius, and tacacs.

Related Commands

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\