我正在尝试理解我们的一个Cisco路由器上的配置(自学iOS),并遇到一行问题.
有人可以解释下面命令的“行启用”部分并检查我的其余信息以确保它是正确的吗?
aaa authentication login default group tacacs+ local line enable --- # Creates an authentication list that specifies the types of authentication methods allowed. # aaa authentication login = command to authenticate users who want exec (enable) access into the access server (tty,vty,console,and aux). ## default = the named list is the the default one (in this case the default one is default) # There are three authentication methods: ## TACACS+ ## local ## line # All users are authenticated using the tacacs+ server (the first method). If the TACACS+ server doesn't respond,then the router's local database is used (the second method). The local authentication,define the username and password:: ## username xxx password yyy # Because we are using the list default in the aaa authentication login command,login authentication is automatically applied for all login connections (such as tty,and aux).
解决方法
line和enable是在列表中先前方法失败后将尝试的其他身份验证方法.
行身份验证使用在行配置中定义的密码,因此它可能会根据您的连接方法而有所不同. enable authentication只使用enable password命令中定义的enable password.
以下是可用于身份验证列表的方法的参考:
(config)#aaa authentication login default ? cache Use Cached-group enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication.
