if you want users who telnet/SSH to vty ports or who are on the console to authenticate with the radius server you should add something like this to your configuration:
aaa authentication login default group radius line
This will send an authentication request to the configured radius server and if there is an error from the radius server (this is different from a negative response) then the router will authenticate using the configured line password. This will work for both telnet and SSH connections and for login from the console.
You are correct that there are quite a few optional parameters. These are to allow flexibility in what is the primary authentication method and what (if any) fall back methods you wish to use.
From user mode going to enable mode you could configure the router to use the enable password/enable secret or you can configure it to use radius. I believe that best practice is to use radius rather than the local enable password/enable secret.
aaa authentication enable default group radius enable
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...