Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

What exactly does "if-needed" do in the aaa authentication command?

What exact role does the "if-needed" keyword play?

What does it do?

When does it matter? Not matter?

Url great also.

  • Other Security Subjects
Cisco Employee

Re: What exactly does "if-needed" do in the aaa authentication c

"if-needed" generally used for authentication scheme..Let's say you want authentiction for PPP services and if user is authenticated for any other services (like EXEC or so) earlier (before starting PPP), with that keyword authentication will not be "needed" during PPP..

For exa--

aaa authentication ppp default if-needed group radius local

PPP authentication (for the list default) uses methods radius then local.

The if-needed keyword automatically permits ppp for users that have

successfully authenticated using exec mode. If the EXEC facility has

authenticated the user, RADIUS authentication for PPP is not performed.

This is necessary for clients that use terminal window after dial.

This widget could not be displayed.