I'm trying to understand a config on one of our Cisco routers (teaching myself IOS) and have run into a problem with one line.
Can somebody please explain the "line enable" piece of the command below and check the rest of my information to ensure it is correct?
aaa authentication login default group tacacs+ local line enable
---
# Creates an authentication list that specifies the types of authentication methods allowed.
# aaa authentication login = command to authenticate users who want exec (enable) access into the access server (tty, vty, console, and aux).
## default = the named list is the default one (in this case the default one is default)
# There are three authentication methods:
## TACACS+
## local
## line
# All users are authenticated using the tacacs+ server (the first method). If the TACACS+ server doesn't respond, then the router's local database is used (the second method). For local authentication, define the username and password:
## username xxx password yyy
# Because we are using the list default in the aaa authentication login command, login authentication is automatically applied for all login connections (such as tty, vty, console, and aux).
line and enable are additional methods of authentication that will be attempted after failure of the previous methods in the list.

line authentication uses a password that's defined in your line configs, so it can vary based on your connection method.

enable authentication simply uses the enable password defined in the enable password command.

Here's a reference of the methods available for the authentication list:
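
An added example (not part of the original question or answer): a small Python audit that reads a running-config, lists the methods of the default login list in the order they appear, and reports which of them have no credential source configured. The sample config, its placeholder values and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config; secrets are placeholders, address is a documentation IP.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local line enable
enable secret 5 <hash-placeholder>
username admin secret 5 <hash-placeholder>
tacacs-server host 192.0.2.10
line con 0
 password 7 <placeholder>
line vty 0 4
 transport input ssh
"""

def parse_methods(config):
    """Methods of the default login list, in the order they are listed."""
    m = re.search(r"^aaa authentication login default (.+)$", config, re.M)
    tokens, methods, i = (m.group(1).split() if m else []), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):  # "group tacacs+" is one method
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def lines_without_password(config):
    """Names of line sections (con/aux/vty) that have no 'password' sub-command."""
    missing, current, has_pw = [], None, False
    for row in config.splitlines() + ["!"]:  # sentinel row closes the last section
        if not row.startswith(" "):          # a top-level command ends the section
            if current and not has_pw:
                missing.append(current)
            current, has_pw = (row[5:] if row.startswith("line ") else None), False
        elif current and row.strip().startswith("password "):
            has_pw = True
    return missing

def audit_default_login(config):
    """Map each method in the default list to the gaps in its credential source."""
    def need(pattern, msg):
        return [] if re.search(pattern, config, re.M) else [msg]
    checks = {
        "group tacacs+": lambda: need(r"^tacacs[- ]server ", "no TACACS+ server defined"),
        "local": lambda: need(r"^username \S+ ", "no local username defined"),
        "line": lambda: ["no password on line " + n for n in lines_without_password(config)],
        "enable": lambda: need(r"^enable (password|secret) ", "no enable password/secret"),
    }
    return {m: checks.get(m, lambda: ["method not checked here"])() for m in parse_methods(config)}
```

On the sample, the line method is flagged for the vty lines, which carry no password of their own, while the console line passes.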