Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
3
Helpful
3
Replies

aaa "login" keyword and "default" keyword functions

zillah2004
Level 1
Level 1

‎11-25-2005 11:58 AM - edited ‎03-10-2019 02:23 PM

CCNP3 Multilayer Switching Curriculum cisco says:

"The aaa authentication login command enables AAA authentication for logins on :

1- Terminal lines (TTYs).

2- Virtual terminal lines (VTYs)

3- Console (con 0).

Using this command can create one or more lists that are tried at login:

Router(config)#aaa authentication login {default | list-name } method1 [...[method4]]

The default list is applied to all lines".

My query:

1- Does the “login“ keyword mean use aaa authentication for every thing (vty, tty, aux, console, interface), or "default" keyword the one which deciede that ?

If we have got another example:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#cfg_auth

aaa authentication login CONSOLE line

Does the “login“ keyword in this example ,mean use aaa authentication command for console line only (not for every thing) ?----The reason I am saying that , because the “default“ keyword (list type) has not been used here.

Labels:
0 Helpful
3 Replies 3

spremkumar
Level 9
Level 9

‎11-28-2005 12:20 AM

Hi

By default if u use the keyword default in conjunction with the aaa authentication command it does applies for all the connections like tty,vty,aux,console..

But if u prepare a seperate list for each connections like aaa authentication login VTY,aaa authentication login TTY,aaa authentication login CON.. and can apply them accordingly using login authentication under the respective modes.

basically u can define for TTY take the databse from radius or tacacs+ server if its not available take it from local ..for console take the database from local defined username and password or even nothing.

so it basically gives the flexibility in defining the methods or ways u can use up the command .

regds

zillah2004
Level 1
Level 1
In response to spremkumar

‎11-28-2005 04:01 AM

Thanks spremkumer for these informations

What the about the keywork "login" ?

1- Is "login" keyword ?

2- Is it mandotary to be conjuncted with aaa authentication ?

3- My early thread was about it

0 Helpful

spremkumar
Level 9
Level 9
In response to zillah2004

‎11-28-2005 05:02 AM

Hi

if u r configuring the authentication for the line vty or tty or console access using default profile or any specific profile its mandatory to key in the login word .

Again its the whole command for enabling the access..

instead if ur preparing for PPP access then u will mention out PPP in place of login..

regds

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents