ADTRAN 1000R Series User Manual
Page 332
Command Reference Guide
Global Configuration Mode Command Set
61200510L1-35E
Copyright © 2005 ADTRAN
332
aaa authentication enable default [none | line | enable |
group <groupname> | group radius | group tacacs+]
Use the aaa authentication enable default command to create (or change) the list of fallback methods
used for privileged mode access authentication. For more detailed information on AAA functionality, refer
to the Technology Review section of the command aaa on
.
Syntax Description
none
Access automatically granted.
line
Uses the line password for authentication.
enable
Uses the enable password for authentication.
group <groupname>
Uses the specified group of remote servers for authentication.
group radius
Uses all defined RADIUS servers for authentication.
group tacacs+
Uses all defined TACACS+ servers for authentication.
Default Values
If there is no default methods list configured, the default behavior is to use the enable password for the
unit. If there is no password configured, consoles are allowed access (this prevents a lock-out).
Applicable Platforms
This command applies to the NetVanta 300, 1000, 1000R, 2000, 3000, 4000, and 5000 and
Total Access 900 Series units.
Command History
Release 5.1
Command was introduced.
Release 11.
The group tacacs+ command was added.
Functional Notes
A user is authenticated by trying the list of methods from first to last until a method succeeds or fails. If a
method is unable to complete, the next method is tried. The group falls through if the servers in the remote
group cannot be found.
Note that enable access is a password-only process. The local-user database cannot be used, and the
username given to any remote RADIUS server is $enab15$. The only list name allowed is default.
Usage Examples
The following example specifies using the line password as the first method for enable authentication and
using the enable password as the second:
(config)#aaa authentication enable default line enable