aaa "login" keyword and "default" keyword functions

Nov 25th, 2005

The Cisco CCNP3 Multilayer Switching curriculum says:

"The aaa authentication login command enables AAA authentication for logins on:

1- Terminal lines (TTYs).

2- Virtual terminal lines (VTYs)

3- Console (con 0).

Using this command can create one or more lists that are tried at login:

Router(config)#aaa authentication login {default | list-name } method1 [...[method4]]

The default list is applied to all lines".

My query:

1- Does the "login" keyword mean use aaa authentication for everything (vty, tty, aux, console, interface), or is the "default" keyword the one which decides that?

If we have got another example:

aaa authentication login CONSOLE line

Does the "login" keyword in this example mean use the aaa authentication command for the console line only (not for everything)? The reason I am saying that is because the "default" keyword (list type) has not been used here.

spremkumar Mon, 11/28/2005 - 00:20


By default, if you use the keyword default in conjunction with the aaa authentication command, it applies to all the connections like tty, vty, aux, console.

But if you prepare a separate list for each connection, like aaa authentication login VTY, aaa authentication login TTY, aaa authentication login CON, you can apply them accordingly using login authentication under the respective modes.

Basically you can define, for TTY, take the database from a radius or tacacs+ server, and if it's not available take it from local; for console, take the database from the locally defined username and password, or even nothing.

So it basically gives flexibility in defining the methods or ways you can use the command.


zillah2004 Mon, 11/28/2005 - 04:01

Thanks spremkumar for this information.

What about the keyword "login"?

1- Is "login" a keyword?

2- Is it mandatory to use it in conjunction with aaa authentication?

3- My earlier thread was about it.

spremkumar Mon, 11/28/2005 - 05:02


If you are configuring the authentication for line vty, tty or console access using the default profile or any specific profile, it's mandatory to key in the login word.

Again, it's the whole command for enabling the access.

Instead, if you're preparing for PPP access, then you will mention PPP in place of login.
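
Added example (not part of the original thread or the Cisco curriculum): a Python sketch that resolves which login method list each line ends up with, following the replies above. Lines without `login authentication` fall back to the `default` list, a named list applies only where it is referenced, and `aaa authentication ppp` lists play no part in line logins. The sample config, the VTY list name and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE line
aaa authentication ppp default local
line con 0
 password s3cret-placeholder
 login authentication CONSOLE
line aux 0
line vty 0 4
 login authentication VTY
"""

def resolve_login_lists(config):
    """Return {line: (list name, methods)}; methods is None if no such login list is defined."""
    lists = {}      # login method lists: name -> [methods]
    applied = {}    # line -> list name set by "login authentication"
    current = None  # "line ..." block currently being parsed
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
            continue
        if not raw.startswith(" "):
            # A top-level command opens a new block; only "line ..." blocks matter here.
            current = text if text.startswith("line ") else None
            if current:
                applied[current] = "default"  # no explicit list means the default list
            continue
        m = re.match(r"login authentication (\S+)", text)
        if m and current:
            applied[current] = m.group(1)
    return {line: (name, lists.get(name)) for line, name in applied.items()}

def undefined_references(config):
    """Lines whose applied list has no 'aaa authentication login <name>' definition."""
    resolved = resolve_login_lists(config)
    return sorted(line for line, (_, methods) in resolved.items() if methods is None)

if __name__ == "__main__":
    for line, (name, methods) in resolve_login_lists(SAMPLE_CONFIG).items():
        print(f"{line:12} list={name:8} methods={methods}")
    print("undefined:", undefined_references(SAMPLE_CONFIG))
```

In the sample, the console uses the CONSOLE list (line password), the aux line inherits the default list, and the vty lines reference a VTY list that was never defined, which is the kind of mismatch worth catching in a config review.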


