224 AAA CommandsUser GuidelinesThe default and optional list names created with the aaa authenticationlogin command are used with the login authentication command. Create alist by entering the aaa authentication loginlist-name method command fora particular protocol, wherelist-name is any character string used to namethis list. Themethod argument identifies the list of methods that theauthentication algorithm tries, in the given sequence.The additional methods of authentication are attempted only if the previousmethod returns an error, not if there is an authentication failure. Only theRADIUS, TACACS+, local and enable methods can return an error. Toensure that authentication succeeds even if all methods return an error,specify none as the final method in the command line. For example, if none isspecified as an authentication method after radius, no authentication is usedif the RADIUS server is down. If specified, none must be the last method inthe list.NOTE: Auth-Type:=Local doesn’t work for recent versions of FreeRadius.FreeRadius ignores the configuration if Local is used. Administrators should removeAuth-Type=Local and use the PAP or CHAP modules instead.ExampleThe following example configures the default authentication login to attemptRADIUS authentication, then local authentication, then enableauthentication, and then, if all the previous methods returned an error, allowthe user access (none method).console(config)# aaa authentication login default radius local enable noneaaa authorizationUse the aaa authorization command to create an authorization method list.A list may be identified by a user-specified list-name or the keyword default.Use the no form of the command to delete an authorization list.Syntaxaaa authorization {commands|exec}{default|list-name} method1[method2]no aaa authorization {commands|exec} {default|list-name}