思科 – 有人可以解释IOS线路认证吗?

前端之家收集整理的这篇文章主要介绍了思科 – 有人可以解释IOS线路认证吗?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在尝试理解我们的一个Cisco路由器上的配置(自学iOS),并遇到一行问题.

有人可以解释下面命令的“行启用”部分并检查我的其余信息以确保它是正确的吗?

aaa authentication login default group tacacs+ local line enable
---
# Creates an authentication list that specifies the types of authentication methods allowed.

# aaa authentication login = command to authenticate users who want exec (enable) access into the access server (tty,vty,console,and aux).
## default = the named list is the the default one (in this case the default one is default)

# There are three authentication methods:
## TACACS+
## local
## line

# All users are authenticated using the tacacs+ server (the first method). If the TACACS+ server doesn't respond,then the router's local database is used (the second method). The local authentication,define the username and password::
## username xxx password yyy

# Because we are using the list default in the aaa authentication login command,login authentication is automatically applied for all login connections (such as tty,and aux). 

解决方法

line和enable是在列表中先前方法失败后将尝试的其他身份验证方法.

行身份验证使用在行配置中定义的密码,因此它可能会根据您的连接方法而有所不同. enable authentication只使用enable password命令中定义的enable password.

以下是可用于身份验证列表的方法的参考:

(config)#aaa authentication login default ?
  cache        Use Cached-group
  enable       Use enable password for authentication.
  group        Use Server-group
  krb5         Use Kerberos 5 authentication.
  krb5-telnet  Allow logins only if already authenticated via Kerberos V
               Telnet.
  line         Use line password for authentication.
  local        Use local username authentication.
  local-case   Use case-sensitive local username authentication.
  none         NO authentication.

猜你在找的iOS相关文章