To configure the
authentication method for a login, use the
aaa
authentication
login
command in configuration mode. To revert to local
authentication, use the
no form of the
command.
aaa authentication login { {default | fallback | error | local | group group-name [none] | none | local [none] | none} | console { {fallback | error | local | group-name [none] | none} | local [none] | none | error-enable | mschap enable}}
no aaa authentication login { {default | fallback | error | local | group group-name [none] | none | local [none] | none} | console { {fallback | error | local | group-name [none] | none} | local [none] | none | error-enable | mschap enable}}
Syntax Description
default
|
Specifies
the default method.
|
fallback
|
Specifies
the fallback mechanism configuration error.
|
error
|
Specifies
the authentication error. The maximum size is 32 characters.
|
local
|
Specifies
the fallback to local authentication.
|
group
group-name
|
Specifies
the group name. The group name is a maximum of 127 characters.
|
none
|
(Optional) Sets no authentication; everyone is permitted.
|
local
|
Specifies
the local authentication method.
|
console
|
Configures the console authentication login method.
|
error-enable
|
Enables
login error message display.
|
mschap
enable
|
Enables
MS-CHAP authentication for login.
|
Command Default
Local user name
authentication.
Command Modes
Configuration mode.
Command History
Release
|
Modification
|
NX-OS
5.0(1a)
|
Added
fallback, error, and local keywords to the syntax description.
|
1.3(1)
|
This
command was introduced.
|
3.0(1)
|
Added the
mschap option.
|
Usage Guidelines
Use the
console option
to override the console login method.
Specify the
currently configured command preceded by a
no to revert to
the factory default.
Examples
The following
example shows how to configure a default method:
switch# config t
switch(config)# aaa authentication login default fallback error local
switch(config)#
The following
example shows how to configure a console method:
switch# config t
switch(config)# aaa authentication login console fallback error local
switch(config)#
The following
example enables all login authentication to be performed using remote TACACS+
servers, which are members of the group called TacServer, followed by the local
login method:
switch# config t
switch(config)# aaa authentication login default group TacServer
The following
example enables console authentication to use the group called TacServer,
followed by the local login method:
switch(config)# aaa authentication login console group TacServer
The following
example
turns off password validation:
switch(config)# aaa authentication login default none
The following
example
reverts to the local authentication method (default):
switch(config)# no aaa authentication login default group TacServer
The following
example
enables MS-CHAP authentication for login:
switch(config)# aaa authentication login mschap enable
The following
example
reverts to the default authentication method for login, which
is the Password Authentication Protocol (PAP):
switch(config)# no aaa authentication login mschap enable