aaa authentication login default
Syntax
aaa authentication login default {local | group <GROUP-LIST>}
no aaa authentication login default
Description
Defines authentication as being local (with the name
local
). Or defines a sequence of remote AAA servers to be interrogated for authentication purposes.
The
no
form of this command removes any defined remote AAA server authentication sequence, returning the switch to local authentication only.
Command context
config
Parameters
local
Selects local-only authentication.
group <GROUP-LIST>
Specifies the list of remote AAA server group names. Predefined remote AAA group names
tacacs
orradius
are available. User-defined TACACS and RADIUS server group names may also be used. The remote AAA servers are interrogated in the order that the group names are listed in this command.If no AAA server is reachable, local authentication is attempted.
Authority
Administrators
Examples
Defining an authentication sequence based on a user-defined TACACS+ server group, then the default TACACS+ server group, and finally (if needed), local authentication.
switch(config)# aaa authentication login default group tacacs_user1 tacacs local
Enabling local authentication:
switch(config)# aaa authentication login default local