11-14-2001 01:14 AM - edited 03-08-2019 09:09 PM
Dear all,
if i use the command
aaa authentication ppp default tacacs+
what would the default method list contains ?, would it be username ?
is the default method list correspond to the default user group on the ACS ?
how do you create and associate a method list to users?
thank you in advance,
11-15-2001 09:27 AM
The method list is the defined ways that you will try to authenticate/authorize/account for your users. In the example you list above, your method list contains tacacs+. Since you used the keyword default, this method list will be applied to any ppp connections terminating on this router. If you would have used a name, say dial-up, you would have to manually apply the method list to each interface for the ppp connections.
Sometimes the tacacs+ server is not available and you do not want to just disconnect the user without trying some other way to authenticate the user. The following example will try tacacs+ first, then RADIUS, then local for authentication.
aaa authentication ppp default tacacs+ radius local
If tacacs+ returns a "error" message, it will move to the next method. It will not go to the next method if it returns "fail".
Hope this helps...
11-18-2001 11:39 PM
So there is no connection between a method list and usernames ?
where do i define this method list ?
suppose i use
aaa authentication login default tacacs+
aaa authentication login engineer local
where do i define engineer method list ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide