Implementing Authentication, Authorization, and Accounting – AAA
Configuring basic AAA and authentication

Configuring AAA is relatively simple after understanding the basic process shown in Figures  and .

The AAA security services facilitate a variety of login authentication methods. Use the aaa authentication login command to enable AAA authentication. With the aaa authentication login command, create one or more lists of authentication methods that are tried at login. These lists are applied using the login authentication line configuration command.

To configure login authentication by using AAA, use the commands in this Figure , beginning in global configuration mode.

To specify that authentication should succeed even if all methods return an error, specify none as the final method in the command line. For example, to specify that authentication should succeed even if the TACACS+ server returns an error, enter the following command:

aaa authentication login default group tacacs+ none
NOTE:

Because the none keyword enables any user logging in to successfully authenticate, it should be used only as a backup method of authentication.

To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword followed by the methods that are to be used in default situations. The default method list is automatically applied to all interfaces.

Example: Configuring Authentication
The following example creates an authentication list called "myway" that uses TACACS+ as the first authentication method and local authentication as the second. The authentication list is then applied to a line.

Switch(config)#aaa authentication login myway group tacacs+ local
Switch(config)#line con 0
Switch(config-line)#login authentication myway
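
An added example (not part of the original page or the vendor's documentation): a short Python audit that reads a saved configuration, resolves which login method list each line uses (the default list when no named list is applied, as described above), and reports lines whose list includes none. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ none
aaa authentication login myway group tacacs+ local
!
line con 0
 login authentication myway
line vty 0 4
 transport input ssh
"""

def parse_method_lists(config):
    """Map each login method-list name to its ordered methods."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+)\s+(.+)$", line)
        if m:
            # "group tacacs+" is a single method written as two tokens.
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    return lists

def parse_line_bindings(config):
    """Map each line (con/vty/aux) to the method list it uses."""
    bindings, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            bindings[current] = "default"  # used when no named list is applied
        elif current and raw.startswith(" "):
            m = re.match(r"\s+login authentication (\S+)", raw)
            if m:
                bindings[current] = m.group(1)
        else:
            current = None
    return bindings

def lines_with_none_fallback(config):
    """Return (line, list_name, methods) for lines whose list includes 'none'."""
    lists = parse_method_lists(config)
    return [(line, name, lists[name])
            for line, name in parse_line_bindings(config).items()
            if "none" in lists.get(name, [])]

if __name__ == "__main__":
    for line, name, methods in lines_with_none_fallback(SAMPLE_CONFIG):
        print(f"{line}: list '{name}' includes none -> {' '.join(methods)}")
```

In the constructed sample, the console line is bound to myway and is not reported, while the vty lines inherit the default list and are reported because that list falls through to none.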
Authentication