我正在尝试理解我们的一个Cisco路由器上的配置(自学iOS),并遇到一行问题.
有人可以解释下面命令的“行启用”部分并检查我的其余信息以确保它是正确的吗?
aaa authentication login default group tacacs+ local line enable --- # Creates an authentication list that specifies the types of authentication methods allowed. # aaa authentication login = command to authenticate users who want exec (enable) access into the access server (tty,vty,console,and aux). ## default = the named list is the the default one (in this case the default one is default) # There are three authentication methods: ## TACACS+ ## local ## line # All users are authenticated using the tacacs+ server (the first method). If the TACACS+ server doesn't respond,then the router's local database is used (the second method). The local authentication,define the username and password:: ## username xxx password yyy # Because we are using the list default in the aaa authentication login command,login authentication is automatically applied for all login connections (such as tty,and aux).
解决方法
line和enable是在列表中先前方法失败后将尝试的其他身份验证方法.
行身份验证使用在行配置中定义的密码,因此它可能会根据您的连接方法而有所不同. enable authentication只使用enable password命令中定义的enable password.
以下是可用于身份验证列表的方法的参考:
(config)#aaa authentication login default ? cache Use Cached-group enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication.
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。