Define the Method Lists

To set AAA authentication at login, use the aaa authentication login global configuration command. Use the no form of this command to disable AAA authentication. The syntax is

Rtr1(config)#aaa authentication login {default | list-name} method1 [method2...]
Rtr1(config)#no aaa authentication login {default | list-name} method1 [method2...]

default	Uses the listed authentication methods as the default list to be used when a user logs in
list-name	A character string used to name the list of authentication methods that can be specified to be used when a user logs in
method	At least one of the keywords described in the next table

The method argument identifies the list of methods the authentication algorithm tries, in the stated sequence. Method keywords are described in the following table.

Keyword	Description
group tacacs+	Use the list of all TACACS+ servers to authenticate services.
group radius	Use the list of all RADIUS servers to authenticate services.
group group-name	Use a subset of RADIUS or TACACS+ servers for authentication, as defined by the server group group-name.
local	Use the local user name database for authentication.
local-case	Use the case-sensitive local user name database for authentication.
Enable	Use enable password for authentication.
Line	Use the line password for authentication.
krb5	Use Kerberos 5 for authentication.
krb5-telnet	Use Kerberos 5 Telnet authentication protocol when using Telnet to connect to the router.
none	Use no authentication—no security.

The additional methods of authentication are used only if the preceding method returns an error, not if it fails. To ensure that the authentication succeeds, even if all methods return an error, specify none as the final method in the command line.

c3 aaa Implementing Authentication

Define the Method Lists—Login

admin