
Security | 919
Enable AAA Authentication
To enable AAA authentication, use the following command in the CONFIGURATION mode:
If the default list is not set, only the local enable is checked. This has the same effect as issuing:
aaa authentication enable default enable
AAA Authentication—RADIUS
To enable authentication from the RADIUS server, and use TACACS as a backup, use the following
commands:
To get enable authentication from the RADIUS server, and use TACACS as
a backup, issue the following commands:
To use local authentication for enable secret on console, while using
remote authentication on VTY lines, perform the following steps:
Command Syntax Command Mode Purpose
aaa authentication enable
{method-list-name | default} method1 [...
method4]
CONFIGURATION • default—Uses the listed authentication
methods that follow this argument as the
default list of methods when a user logs in.
•method-list-name—Character string used to
name the list of enable authentication methods
activated when a user logs in.
•method1 [... method4]—Any of the following:
RADIUS, TACACS, enable, line, none.
Step Command Syntax Command Mode Purpose
1aaa authentication enable default
radius tacacs
CONFIGURATION To enable RADIUS and to set up TACACS
as backup.
2radius-server host x.x.x.x key
some-password
CONFIGURATION To establish host address and password.
3tacacs-server host x.x.x.x key
some-password
CONFIGURATION To establish host address and password.
FTOS(config)# aaa authentication enable default radius tacacs
Radius and TACACS server has to be properly setup for this.
FTOS(config)# radius-server host x.x.x.x key <some-password>
FTOS(config)# tacacs-server host x.x.x.x key <some-password>
FTOS(config)# aaa authentication enable mymethodlist radius tacacs
FTOS(config)# line vty 0 9
FTOS(config-line-vty)# enable authentication mymethodlist