aaa authentication snmp-server
Configures the AAA authentication method for SNMP server access.
Syntax
Command Default
The AAA authentication method list is not configured.
Parameters
- default
- Configures the default authentication method list.
- method-list
- Configures the following authentication methods.
- enable
- Authenticate using the password you configured for the Super User privilege level. This password is configured using the enable super-user-password command.
- line
- Authenticate using the password you configured for Telnet access. The Telnet password is configured using the enable telnet password command
- local
- Authenticate using a local username and password you configured on the device. Local usernames and passwords are configured using the username command.
- none
- Does not use any authentication method. The device automatically permits access.
- radius
- Authenticate using the database on a RADIUS server. You also must identify the server to the device using the radius-server command.
- tacacs
- Authenticate using the database on a TACACS server. You also must identify the server to the device using the tacacs-server command.
- tacacs+
- Authenticate using the database on a TACACS+ server. You also must identify the server to the device using the tacacs-server command.
Modes
Global configuration mode
Usage Guidelines
You can specify a primary authentication method and up to six backup authentication methods. If the configured primary authentication fails due to an error, the device tries the backup authentication methods in the order they appear in the list.
- snAgGblPassword=" username password " (for AAA method local)
- snAgGblPassword=" password " (for AAA method line, enable)
If AAA is set up to check both the username and password, the string contains the username, followed by a space and then the password. If AAA is set up to authenticate with the current Enable or Line password, the string contains the password only. The configuration can be overridden by the no snmp-server pw-check command, which disables password checking for SNMP SET requests.
The no form of the command removes the authentication method.
Examples
The following example shows how to configure incoming SNMP SET operations to be authenticated using the locally configured usernames and passwords.
device(config)# aaa authentication snmp-server default local