
Cisco CCNA (640-553) Security Training: Using the aaa authentication enable default Command

In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa authentication enable default”.

CCNAs (like you) use the “aaa authentication enable default” command to enable AAA authentication in order to control which users will gain access to the privileged command level.

Another way of saying it is: network administrators use the command to create a series of authentication methods that are used to determine whether a user can access the privileged command level. During the process, the router tries one authentication method at a time, and only moves on to the next one if the previous method returns an error, not if it fails.

Below are the command’s syntax and authentication (keyword) methods:

Syntax: aaa authentication enable default method1 [method2...]

Authentication (keyword) methods:

•enable—This keyword uses the enable password for authentication.

•group radius—This keyword uses the list of all RADIUS servers for authentication. (This authentication method doesn’t work on a per-username basis.)

•group tacacs+—This keyword uses the list of all TACACS+ servers for authentication.

•group group-name—This keyword uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command.

•none—This keyword uses no authentication. The client is automatically authenticated by the switch or router without using the information supplied by the user.

Remember, if you use any one of the group keyword methods (group radius, group tacacs+, or group group-name), you’ll need to use either the radius-server host or tacacs-server host command to configure your RADIUS or TACACS+ host server(s).

And, if you have more than one RADIUS or TACACS+ host server, you can use either the aaa group server radius or aaa group server tacacs+ command to create a named group of servers.

Also, you can enter the command on its own, without typing in a method, as you see below:

Router(config)#aaa authentication enable default
Router(config)#exit
Router#copy run start

The router will then use the “enable” password as the only method of authentication, and if there is no “enable” password configured on the router, the router will just let the user authenticate anyway.

And, as with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa authentication enable default

Remember, in order for you to use the “aaa authentication enable default” command, your router(s) must be running Cisco IOS 12.0(5)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa authentication enable default command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
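The following is an added example, not part of the original article: a Python check that reads a saved configuration and flags the method-list problems described above (a “none” method, an “enable” method with nothing to check against, and group methods with no server or group defined). The sample configurations, the 192.0.2.10 address and the group name MGMT are constructed; the check recognises only the server commands named in this article, and it also accepts “enable secret” for the enable method.

```python
import re

def audit_enable_auth(config):
    """Return a list of findings for 'aaa authentication enable default'."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    cmd = next((l for l in lines
                if l.startswith("aaa authentication enable default")), None)
    if cmd is None:
        return ["no 'aaa authentication enable default' line found"]
    tokens = cmd.split()[4:]          # everything after the word 'default'
    methods, i = [], 0
    while i < len(tokens):            # 'group X' is one method, two tokens
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    if not methods:                   # bare command: only the enable password is used
        methods = ["enable"]

    def has(prefix):
        return any(l.startswith(prefix) for l in lines)

    findings = []
    for m in methods:
        if m == "none":
            findings.append("'none' grants privileged access without authentication")
        elif m == "enable" and not (has("enable password") or has("enable secret")):
            findings.append("'enable' method used but no enable password or secret is configured")
        elif m == "group radius" and not has("radius-server host"):
            findings.append("'group radius' used but no radius-server host is configured")
        elif m == "group tacacs+" and not has("tacacs-server host"):
            findings.append("'group tacacs+' used but no tacacs-server host is configured")
        elif m.startswith("group ") and m not in ("group radius", "group tacacs+"):
            name = re.escape(m.split()[1])
            pattern = r"aaa group server (radius|tacacs\+) " + name
            if not any(re.fullmatch(pattern, l) for l in lines):
                findings.append("server group '%s' is not defined" % m.split()[1])
    return findings

# Constructed sample configurations (not taken from a real device).
SAMPLE_WEAK = "aaa new-model\naaa authentication enable default group tacacs+ none\n"
SAMPLE_OK = """aaa new-model
aaa group server tacacs+ MGMT
 server 192.0.2.10
tacacs-server host 192.0.2.10
enable secret 5 CONSTRUCTED-HASH-PLACEHOLDER
aaa authentication enable default group MGMT enable
"""
```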

To your success,

By: Charles E Ross

Article Directory: http://www.articledashboard.com

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you'll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam. Sign-Up for "100 Free Videos" and, also learn more about the new "Cisco CCNA (640-553) Video Accelerated Training Course" at his website. www.ccnaittechtips.com
