aaa authentication login default

Syntax

aaa authentication login default {local | group <GROUP-LIST>}

no aaa authentication login default

Description

Defines authentication as being local (with the name local). Or defines a sequence of remote AAA servers to be interrogated for authentication purposes.

The no form of this command removes any defined remote AAA server authentication sequence, returning the switch to local authentication only.

Command context

config

Parameters

local

Selects local-only authentication.

group <GROUP-LIST>

Specifies the list of remote AAA server group names. Predefined remote AAA group names tacacs or radius are available. User-defined TACACS and RADIUS server group names may also be used. The remote AAA servers are interrogated in the order that the group names are listed in this command.

If no AAA server is reachable, local authentication is attempted.

Authority

Administrators

Examples

Defining an authentication sequence based on a user-defined TACACS+ server group, then the default TACACS+ server group, and finally (if needed), local authentication.

switch(config)# aaa authentication login default group tacacs_user1 tacacs local

Enabling local authentication:

switch(config)# aaa authentication login default local