AAA Commands 243
User Guidelines
The default and optional list names created with the aaa authentication
enable command are used with the enable authentication command.
Create a list by entering the aaa authentication enable list-name method
command where list-name is any character string used to name this list. The
method argument identifies the list of methods that the authentication
algorithm tries in the given sequence.
The additional methods of authentication are used only if the previous
method returns an error, not if it fails to authenticate the user. Only the
RADIUS or TACACS methods can return an error. To ensure that the
authentication succeeds even if all methods return an error, specify none as
the final method in the command line. Note that enable will not succeed for
a level one user if no authentication method is defined. A level one user must
authenticate to get to privileged EXEC mode. For example, if none is
specified as an authentication method after radius, no authentication is used
if the RADIUS server is down.
NOTE: Requests sent by the switch to a RADIUS server include the username
"$enabx$", where x is the requested privilege level. For enable to be authenticated
on RADIUS servers, add "$enabx$" users to them. The login user ID is also sent to
TACACS+ servers for enable authentication.
Example
The following example sets authentication when accessing higher privilege
levels.
console(config)# aaa authentication enable default enable
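The fall-through rule from the User Guidelines above, modelled as an added example (not code from this manual or the switch vendor): evaluate walks a method list in order, and audit flags lists in which none can be reached when a server returns an error. The lowercase keyword tacacs, the list name mgmt and the sample configuration are assumptions constructed for illustration.

```python
import re

# Per the guidelines, only the RADIUS or TACACS methods can return an error.
# "tacacs" as the CLI keyword is an assumption; "radius" appears on the page.
CAN_ERROR = {"radius", "tacacs"}

def evaluate(methods, outcomes):
    """Walk a method list in order.

    outcomes maps method -> 'accept' | 'reject' | 'error' (default 'reject').
    The next method is tried only after an 'error', never after a 'reject'.
    """
    for method in methods:
        if method == "none":
            return "accept-unauthenticated"
        result = outcomes.get(method, "reject")
        if result != "error":
            return f"{result}:{method}"
    return "reject:all-methods-errored"

LINE = re.compile(r"aaa authentication (enable|login) (\S+) (.+)")

def audit(config_text):
    """Return lists where 'none' is reachable, i.e. every method before it
    can return an error, so a server outage grants access unauthenticated."""
    findings = []
    for line in config_text.splitlines():
        match = LINE.search(line)
        if not match:
            continue
        kind, name, methods = match.group(1), match.group(2), match.group(3).split()
        if "none" in methods:
            before = methods[:methods.index("none")]
            if all(m in CAN_ERROR for m in before):
                findings.append((kind, name, methods))
    return findings

# Constructed sample configuration (list name "mgmt" is hypothetical).
SAMPLE = """\
console(config)# aaa authentication enable default radius none
console(config)# aaa authentication enable mgmt radius enable
"""

if __name__ == "__main__":
    print(evaluate(["radius", "none"], {"radius": "error"}))
    print(evaluate(["radius", "none"], {"radius": "reject"}))
    print(audit(SAMPLE))
```

A list ending in enable instead of none still falls back when the RADIUS server is unreachable, but the fallback requires the enable password rather than granting access with no authentication.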
aaa authentication login
Use the aaa authentication login command in Global Configuration mode to
set the authentication method required for users at login. To return to the
default configuration, use the no form of this command.
Syntax
aaa authentication login {default | list-name} method1 [method2...]
2CSPC4.XCT-SWUM2XX1.book Page 243 Monday, October 3, 2011 11:05 AM