Configuring Authentication Access Order
Configure the order of the user authentication methods in Gaia Portal and Gaia Clish.
The Default Order and State
Priority |
Server Type |
State |
Note |
---|---|---|---|
1 | TACACS | Off |
See: |
2 | RADIUS | On |
See: |
3 | Local | On |
See: |
When you configure Gaia OS to use several authentication methods, it uses them in this default order:
-
TACACS+
-
RADIUS
-
Local
Authentication flow when a user enters the credentials:
-
Authenticate the user on the configured TACACS+ servers.
-
If successful, the user logs in.
-
If failed, go to the next step.
-
-
Authenticate the user on the configured RADIUS servers.
-
If successful, the user logs in.
-
If failed, go to the next step.
-
-
Authenticate the user based on the local configuration.
-
If successful, the user logs in.
-
If failed, deny the login.
-
Configuration in Gaia Portal
-
From the left tree, click User Management > Authentication Servers.
-
In the section Authentication Access Order, select the applicable server type and click Edit.
-
In the Priority field, configure the required priority.
-
In the State field, select the applicable value ("
On
" or "Off
"). -
Click OK.
Configuration in Gaia Clish
This command shows the order in which Gaia OS uses the configured AAA servers if you enable them
|
Example Output:
gaia> show aaa order Priority Server Type State 1 TACACS Off 2 RADIUS On 3 Local On gaia> |
To configure the order of authentication access:
|
|