Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Related Documentation


    aaa authentication login


    aaa authentication login { default | authListName } authenticator [ authenticator ]*

    no aaa authentication login authListName

    Release Information

    Command introduced before JunosE Release 7.1.0.


    Creates an authentication list and the criteria for login. This authentication is applied to vty users. After you have specified aaa new-model as the authentication method for vty lines, an authentication list called default is automatically assigned to the vty lines. To allow users to access the vty lines, you must create an authentication list and either:

    • Name the list default.
    • Assign a different name to the authentication list, and assign the new list to the vty line using the login authentication command.

    The system traverses the list of authentication methods to determine whether a user is allowed to start a Telnet session. If a specific method is available but the user information is not valid (such as an incorrect password), the system does not continue to traverse the list and denies the user a session. If a specific method is unavailable, the system continues to traverse the list. For example, if tacacs+ is the first authentication type element on the list and the TACACS+ server is unreachable, the system attempts to authenticate with the next authentication type on the list, such as radius. The system assumes an implicit denial of service if it reaches the end of the authentication list without finding an available method. The no version disables AAA authentication.


    • default—Specifies the use of the default login for authentication
    • authListName—Existing authentication list name (created using the login authentication command); a string of 1–32 characters
    • authenticator—Authentication method:
      • line—Use the line password for authentication
      • none—Use no authentication
      • radius—Use RADIUS authentication
      • tacacs+—Use TACACS+ authentication
    • *—Indicates that one or more parameters can be repeated multiple times in a list in the command line


    Global Configuration


    Related Documentation


    Published: 2014-08-20