ADTRAN 1000R Series

Command Reference Guide Global Configuration Mode Command Set

aaa authentication enable default [none | line | enable |

Use the aaa authentication enable default command to create (or change) the list of fallback methods

used for privileged mode access authentication. For more detailed information on AAA functionality, refer

to the Technology Review section of the command aaa on on page 340.

Syntax Description

none Access automatically granted.

line Uses the line password for authentication.

enable Uses the enable password for authentication.

group <groupname> Uses the specified group of remote servers for authentication.

group radius Uses all defined RADIUS servers for authentication.

group tacacs+ Uses all defined TACACS+ servers for authentication.

Default Values

If there is no default methods list configured, the default behavior is to use the enable password for the

unit. If there is no password configured, consoles are allowed access (this prevents a lock-out).

Applicable Platforms

This command applies to the NetVanta 300, 1000, 1000R, 2000, 3000, 4000, and 5000 and

Total Access 900 Series units.

Command History

Release 5.1 Command was introduced.

Release 11. The group tacacs+ command was added.

Functional Notes

A user is authenticated by trying the list of methods from first to last until a method succeeds or fails. If a

method is unable to complete, the next meth od is tried . The group falls throug h if the servers in th e remote

group cannot be found.

Note that enable access is a password -only process. The local-user database cannot be used, and the

username given to any remote RADIUS server is $enab15$. The only list name allowed is default.

Usage Examples

The following example specifies using the line password as the first method for enable authentication and

using the enable password as the second:

(config)#aaa authentication enable default line enable