11-25-2005 11:58 AM - edited 03-10-2019 02:23 PM
CCNP3 Multilayer Switching Curriculum cisco says:
"The aaa authentication login command enables AAA authentication for logins on :
1- Terminal lines (TTYs).
2- Virtual terminal lines (VTYs)
3- Console (con 0).
Using this command can create one or more lists that are tried at login:
Router(config)#aaa authentication login {default | list-name } method1 [...[method4]]
The default list is applied to all lines".
My query:
1- Does the login keyword mean use aaa authentication for every thing (vty, tty, aux, console, interface), or "default" keyword the one which deciede that ?
If we have got another example:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#cfg_auth
aaa authentication login CONSOLE line
Does the login keyword in this example ,mean use aaa authentication command for console line only (not for every thing) ?----The reason I am saying that , because the default keyword (list type) has not been used here.
11-28-2005 12:20 AM
Hi
By default if u use the keyword default in conjunction with the aaa authentication command it does applies for all the connections like tty,vty,aux,console..
But if u prepare a seperate list for each connections like aaa authentication login VTY,aaa authentication login TTY,aaa authentication login CON.. and can apply them accordingly using login authentication under the respective modes.
basically u can define for TTY take the databse from radius or tacacs+ server if its not available take it from local ..for console take the database from local defined username and password or even nothing.
so it basically gives the flexibility in defining the methods or ways u can use up the command .
regds
11-28-2005 04:01 AM
Thanks spremkumer for these informations
What the about the keywork "login" ?
1- Is "login" keyword ?
2- Is it mandotary to be conjuncted with aaa authentication ?
3- My early thread was about it
11-28-2005 05:02 AM
Hi
if u r configuring the authentication for the line vty or tty or console access using default profile or any specific profile its mandatory to key in the login word .
Again its the whole command for enabling the access..
instead if ur preparing for PPP access then u will mention out PPP in place of login..
regds
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide