Command Reference Guide Global Configuration Mode Command Set
61200510L1-35E Copyright © 2005 ADTRAN 341
The AAA system allows users to create a named list of these methods to attempt in order (if one fails, it
falls to the next one on the list). This named list is then attached to a portal (telnet 0-4 or console 0-1).
When a user Telnets in or accesses the terminal, the AAA system uses the methods from the named list to
authenticate the user.
The AAA system must be turned on to be active. By default it is off. Use the aaa on command to activate
the AAA system.
If a portal is not explicitly assigned a named list, the name default is automatically assigned to it. Users
can customize the default list just like any other list. If no default list is configured, the following default
behavior applies (defaults are based on portal):
Instant access (NONE) is assigned to the console using the default list (when the list has not been
configured).
The local-user database is used for Telnet sessions using the default list (when the list has not been
configured).
No access is granted for FTP access using the default list (when the list has not been configured).
Methods fail (and therefore cause the system to proceed to the next configured method) under the following
circumstances:
LINE and ENABLE passwords fall through if there are no LINE or ENABLE passwords configured.
LOCAL-USERS fall through if the given user is not in the database.
RADIUS server groups fall through if the given server(s) cannot be contacted on the network.
Example
For a default list defined with the order [LINE, ENABLE, LOCAL, and GROUP mygroup], the following
statements are true:
If there is no LINE password, the list falls through to the ENABLE password.
If there is no ENABLE password, the AAA system prompts the user for a username and password for
the local-user database.
If the given user is not in the local list, the username and password are handed to the remote servers
defined in mygroup.
A failure at any point (password not matching) denies access.
If the AAA process falls through the list completely, system behavior is based on portal:
Console access is granted if the process falls completely through (this prevents a lock-out condition).
Telnet and FTP are denied access.
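
The fall-through rules above, modelled in Python as an added example (this is not ADTRAN code or AOS command syntax). The method names, the CFG layout and the credentials are constructed; an unreachable RADIUS group is modelled as None, and credentials are supplied up front rather than prompted for.

```python
import hmac

GRANT, DENY, FALLTHROUGH = "grant", "deny", "fallthrough"

def _check(expected, supplied):
    # A configured secret that does not match is a failure, not a fall-through.
    ok = hmac.compare_digest(expected.encode(), supplied.encode())
    return GRANT if ok else DENY

def try_method(method, cfg, creds):
    """Outcome of one method: GRANT, DENY, or FALLTHROUGH to the next method."""
    if method in ("line", "enable"):
        secret = cfg.get(method + "_password")
        return FALLTHROUGH if secret is None else _check(secret, creds["password"])
    if method == "local":
        secret = cfg["local_users"].get(creds["username"])
        return FALLTHROUGH if secret is None else _check(secret, creds["password"])
    if method.startswith("group:"):
        server = cfg["radius_groups"].get(method[len("group:"):])
        if server is None:               # assumption: None = servers unreachable
            return FALLTHROUGH
        secret = server.get(creds["username"])
        return DENY if secret is None else _check(secret, creds["password"])
    raise ValueError("unknown method: " + method)

def authenticate(portal, method_list, cfg, creds):
    """Walk the named list in order; the first method that answers decides."""
    for method in method_list:
        outcome = try_method(method, cfg, creds)
        if outcome != FALLTHROUGH:
            return outcome
    # Fell through the whole list: behavior depends on the portal.
    return GRANT if portal == "console" else DENY

# Constructed sample data: no LINE/ENABLE password, one local user,
# and RADIUS group "mygroup" unreachable.
ORDER = ["line", "enable", "local", "group:mygroup"]
CFG = {"line_password": None, "enable_password": None,
       "local_users": {"alice": "s3cret"},
       "radius_groups": {"mygroup": None}}

if __name__ == "__main__":
    for portal in ("console", "telnet", "ftp"):
        for user, pw in (("alice", "s3cret"), ("alice", "wrong"), ("ghost", "x")):
            creds = {"username": user, "password": pw}
            print(portal, user, pw, "->", authenticate(portal, ORDER, CFG, creds))
```

With this constructed configuration, a user who is in no database is granted console access because every method falls through, while the same attempt over Telnet or FTP is denied.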