Cisco Cisco IOS Software Release 12.4(2)XB6 Références techniques
-18
Cisco Broadband Wireless Gateway 1.4 Command Reference, IOS Release 12.4(15)XL5
OL-14681-01
Chapter Cisco Broadband Wireless Gateway 1.4 Command Reference, IOS Release 12.4(15)XL5
aaa authentication ppp
The additional methods of authentication are used only if the previous method returns an error, not if it
fails. Specify none as the final method in the command line to have authentication succeed even if all
methods return an error.
fails. Specify none as the final method in the command line to have authentication succeed even if all
methods return an error.
If authentication is not specifically set for a function, the default is none and no authentication is
performed. Use the more system:running-config command to display currently configured lists of
authentication methods.
performed. Use the more system:running-config command to display currently configured lists of
authentication methods.
Note
, the group radius, group tacacs+, and group group-name methods refer to a set of previously
defined RADIUS or TACACS+ servers. Use the radius-server host and tacacs+-server host commands
to configure the host servers. Use the aaa group server radius and aaa group server tacacs+
commands to create a named group of servers.
to configure the host servers. Use the aaa group server radius and aaa group server tacacs+
commands to create a named group of servers.
Cisco 10000 Series Router
The supports a maximum of 2,000 AAA method lists. If you configure more than 2,000 AAA method
lists, traceback messages appear on the console.
lists, traceback messages appear on the console.
Examples
The following example shows how to create a AAA authentication list called
MIS-access for serial lines
that use PPP. This authentication first tries to contact a TACACS+ server. If this action returns an error,
the user is allowed access with no authentication.
the user is allowed access with no authentication.
aaa authentication ppp MIS-access group tacacs+ none
Here is a sample configuration command for PAP authentication on the BWG.
!
aaa authentication ppp default group radius
!
Table 7
aaa authentication ppp Methods
Keyword Description
if-needed
Does not authenticate if the user has already been authenticated on a tty line.
krb5
Uses Kerberos 5 for authentication (can be used only for Password Authentication
Protocol [PAP] authentication).
Protocol [PAP] authentication).
local
Uses the local username database for authentication.
local-case
Uses case-sensitive local username authentication.
none
Uses no authentication.
cache group-name
Uses a cache server group for authentication.
group radius
Uses the list of all RADIUS servers for authentication.
group tacacs+
Uses the list of all TACACS+ servers for authentication.
group group-name Uses a subset of RADIUS or TACACS+ servers for authentication as defined by
the aaa group server radius or aaa group server tacacs+ command.