Configuring Authentication Access Order

Configure the order of the user authentication methods in Gaia Portal and Gaia Clish.

The Default Order and State

Priority

Server Type

State

Note

1 TACACS Off

See:

2 RADIUS On

See:

3 Local On

See:

When you configure Gaia OS to use several authentication methods, it uses them in this default order:

  1. TACACS+

  2. RADIUS

  3. Local

Authentication flow when a user enters the credentials:

  1. Authenticate the user on the configured TACACS+ servers.

    • If successful, the user logs in.

    • If failed, go to the next step.

  2. Authenticate the user on the configured RADIUS servers.

    • If successful, the user logs in.

    • If failed, go to the next step.

  3. Authenticate the user based on the local configuration.

    • If successful, the user logs in.

    • If failed, deny the login.

Configuration in Gaia Portal

  1. From the left tree, click User Management > Authentication Servers.

  2. In the section Authentication Access Order, select the applicable server type and click Edit.

  3. In the Priority field, configure the required priority.

  4. In the State field, select the applicable value ("On" or "Off").

  5. Click OK.

Configuration in Gaia Clish

This command shows the order in which Gaia OS uses the configured AAA servers if you enable them

show aaa order

Example Output:

gaia> show aaa order

Priority     Server Type         State

1            TACACS       Off
2            RADIUS       On
3            Local        On

gaia>

To configure the order of authentication access:

set aaa order {radius | tacacs | local} priority <1-3>

set aaa order {radius | tacacs | local} state {on | off}