show aaa authentication

Syntax

show aaa authentication [vsx-peer]

Description

Shows a table of server groups based on the sequence of authentication access. For local authentication, group name local is shown.

Command context

Operator (>) or Manager (#)

Parameters

[vsx-peer]

Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed.

Authority

Operators or Administrators. Users without administrator authority can execute this command from the operator context (>) only.

Example

In the following example, the group priority represents a sequence of a group, which differs from TACACS+ server group priority. TACACS+ server group priority is a sequence of servers assigned to a group.

Showing table of server groups with TACACS+ groups and local:

switch(config)# aaa authentication login default group tac_grp1 tacacs local
switch(config)#
switch(config)# do show aaa authentication
AAA Authentication:
  Fail-through                          : Disabled
  Limit Login Attempts                  : Not set
  Lockout Time                          : 300
  Minimum Password Length               : Not set

Default Authentication for All Channels:
---------------------------------------------------------------------------------
GROUP NAME                       | GROUP PRIORITY
---------------------------------------------------------------------------------
tac_grp1                         | 0
tacacs                           | 1
local                            | 2
---------------------------------------------------------------------------------
switch(config)#

Showing the authentication sequence for RADIUS groups and local:

switch(config)# aaa authentication login default group rad_grp1 radius local
switch(config)#
switch(config)# do show aaa authentication
AAA Authentication:
  Fail-through                          : Disabled
  Limit Login Attempts                  : Not set
  Lockout Time                          : 300
  Minimum Password Length               : Not set

Default Authentication for All Channels:
---------------------------------------------------------------------------------
GROUP NAME                       | GROUP PRIORITY
---------------------------------------------------------------------------------
rad_grp1                         | 0
radius                           | 1
local                            | 2
---------------------------------------------------------------------------------
switch(config)#

Showing table of server groups with only local:

switch(config)# aaa authentication login default local
switch(config)#
switch# show aaa authentication
AAA Authentication:
  Fail-through                          : Disabled
  Limit Login Attempts                  : Not set
  Lockout Time                          : 300
  Minimum Password Length               : Not set

Default Authentication for All Channels:
---------------------------------------------------------------------------------
GROUP NAME                       | GROUP PRIORITY
---------------------------------------------------------------------------------
local                            | 0