Cisco SN5428-2 Storage Router Software Configuration Guide
OL-5239-01
Chapter 9 Configuring Authentication
Creating Authentication Lists
Enable authentication
Use the commands in the following procedure to build a default list of authentication services to be used
for Enable authentication. Building the default list completes the configuration of Enable authentication
and makes it immediately effective.
RADIUS servers are passed the default user name, $enab15$, along with the entered password for
authentication purposes.
TACACS+ servers are passed the user name used at login, along with the entered password, for
authentication purposes. If a user name was not needed for login, the storage router prompts the user
to enter a user name, along with the enable password, when the enable command is issued.
Tip: You must configure the databases used by the RADIUS or TACACS+ servers with the appropriate user
name and password information.
Note: Local and local-case services cannot be used for Enable authentication.

| Step | Command | Description |
|---|---|---|
| Step 1 | enable | Enter Administrator mode. |
| Step 2 | aaa authentication enable default group sysadmin enable | Create a default list of authentication services for Enable authentication. For example, create a list so that AAA first tries to perform authentication using the TACACS+ servers in the group named sysadmin. If no TACACS+ server is found, TACACS+ returns an error and AAA attempts authentication using the configured Administrator mode password. If the password you entered does not match the configured Administrator mode password, authentication fails and no other methods are attempted. |

Login authentication
Use the commands in the following procedure to build a default list of authentication services to be used
for Login authentication. Building the default list completes the configuration of Login authentication
and makes it immediately effective.

| Step | Command | Description |
|---|---|---|
| Step 1 | enable | Enter Administrator mode. |
| Step 2 | aaa authentication login default group sysadmin monitor | Create a default list of authentication services for Login authentication. For example, create a list so that AAA first tries to perform authentication using the TACACS+ servers in the group named sysadmin. If no TACACS+ server is found, TACACS+ returns an error and AAA attempts authentication using the configured Monitor mode password (eliminating authentication of the user name). If the password you entered does not match the configured Monitor mode password, authentication fails and no other methods are attempted. |
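
The fallback rule in both Step 2 descriptions (the next service is tried only when the previous one returns an error, and the password-only fallback ignores the user name) can be modeled as follows. This is an added illustration in Python, not code from the guide or from the storage router. The function names, the sample user and the sample passwords are constructed, and a rejection from a reachable TACACS+ server is assumed to be final, as in standard AAA method lists.

```python
import hmac
from enum import Enum

class Result(Enum):
    PASS = "pass"    # service answered and accepted the credentials
    FAIL = "fail"    # service answered and rejected them: the list stops here
    ERROR = "error"  # service could not answer: AAA moves to the next service

def tacacs_group(reachable, user_db):
    """Model of 'group sysadmin': ERROR only when no server in the group responds."""
    def service(username, password):
        if not reachable:
            return Result.ERROR
        stored = user_db.get(username)
        ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        return Result.PASS if ok else Result.FAIL
    return service

def mode_password(configured):
    """Model of the 'enable' and 'monitor' services: the user name is not checked."""
    def service(_username, password):
        ok = hmac.compare_digest(configured.encode(), password.encode())
        return Result.PASS if ok else Result.FAIL
    return service

def authenticate(method_list, username, password):
    """Try services in list order; return the first non-ERROR result plus a trail."""
    trail = []
    for name, service in method_list:
        result = service(username, password)
        trail.append((name, result))
        if result is not Result.ERROR:
            return result, trail
    return Result.FAIL, trail  # assumption: all services errored counts as failure

# Constructed sample data, not taken from the guide.
USERS = {"alice": "tacacs-secret"}
ENABLE_PW = "local-admin-pw"

def enable_list(tacacs_up):
    """The list built by 'aaa authentication enable default group sysadmin enable'."""
    return [("group sysadmin", tacacs_group(tacacs_up, USERS)),
            ("enable", mode_password(ENABLE_PW))]

if __name__ == "__main__":
    cases = [(True, "alice", "tacacs-secret"), (True, "alice", "local-admin-pw"),
             (False, "anyone", "local-admin-pw"), (False, "alice", "wrong")]
    for up, user, pw in cases:
        result, trail = authenticate(enable_list(up), user, pw)
        print(up, user, result.name, [(n, r.name) for n, r in trail])
```

The third case shows why the fallback password deserves the same care as the TACACS+ credentials: with the server group unreachable, any user name paired with that password is accepted, so fallback logins are worth logging and reviewing.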