104 BigIron RX Series Configuration Guide
53-1001810-01
Configuring RADIUS security 4

The commands above cause RADIUS to be the primary authentication method for securing Telnet access to the CLI. If RADIUS authentication fails due to an error with the server, local authentication is used instead.

To create an authentication-method list that specifies RADIUS as the primary authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI, enter the following command.

BigIron RX(config)# aaa authentication enable default radius local none

The command above causes RADIUS to be the primary authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI. If RADIUS authentication fails due to an error with the server, local authentication is used instead. If local authentication fails, no authentication is used; the device automatically permits access.

For information on the command syntax, refer to “Examples of authentication-method lists” on page 111.

NOTE: For examples of how to define authentication-method lists for types of authentication other than RADIUS, refer to “Configuring authentication-method lists” on page 109.

Entering privileged EXEC mode after a Telnet or SSH login

By default, a user enters User EXEC mode after a successful login through Telnet or SSH. You can configure the device so that a user enters Privileged EXEC mode after a Telnet or SSH login. To do this, use the following command.

BigIron RX(config)# aaa authentication login privilege-mode

Syntax: aaa authentication login privilege-mode

The user’s privilege level is based on the privilege level granted during login.

Configuring Enable authentication to prompt for password only

If Enable authentication is configured on the device, by default, a user is prompted for a username and password when the user attempts to gain Super User access to the Privileged EXEC and CONFIG levels of the CLI. You can configure the device to prompt only for a password.
The device uses the username (up to 255 characters) entered at login, if one is available. If no username was entered at login, the device prompts for both username and password.

To configure the device to prompt only for a password when a user attempts to gain Super User access to the Privileged EXEC and CONFIG levels of the CLI, enter the following command.

BigIron RX(config)# aaa authentication enable implicit-user

Syntax: [no] aaa authentication enable implicit-user

Configuring RADIUS authorization

The device supports RADIUS authorization for controlling access to management functions in the CLI. Two kinds of RADIUS authorization are supported:
• Exec authorization determines a user’s privilege level when they are authenticated
• Command authorization consults a RADIUS server to get authorization for commands entered by the user
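
The aaa authentication commands covered earlier on this page can be checked mechanically in a saved configuration. The following Python code is an added example, not part of the Brocade guide: it flags a method list that contains none, the login privilege-mode setting, and the enable implicit-user setting. The function name audit_aaa, the severity labels and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa authentication login default radius local
aaa authentication enable default radius local none
aaa authentication login privilege-mode
aaa authentication enable implicit-user
"""

# Matches "aaa authentication <access-type> default <method> [<method> ...]"
METHOD_LIST = re.compile(r"^aaa authentication (\S+) default (.+)$")


def audit_aaa(config_text):
    """Return (line_number, severity, message) findings for AAA settings.

    Severity labels are this example's own, not the vendor's.
    """
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse whitespace; "no ..." lines never match
        match = METHOD_LIST.match(line)
        if match:
            access, methods = match.group(1), match.group(2).split()
            if "none" in methods:
                findings.append((number, "high",
                    f"{access}: method list contains 'none'; when the earlier "
                    "methods fail the device permits access unauthenticated"))
            elif methods == ["radius"]:
                findings.append((number, "info",
                    f"{access}: RADIUS is the only method; no fallback is listed"))
        elif line == "aaa authentication login privilege-mode":
            findings.append((number, "review",
                "Telnet/SSH logins enter Privileged EXEC mode directly"))
        elif line == "aaa authentication enable implicit-user":
            findings.append((number, "info",
                "enable prompts for a password only and reuses the login username"))
    return findings


if __name__ == "__main__":
    for number, severity, message in audit_aaa(SAMPLE_CONFIG):
        print(f"line {number}: [{severity}] {message}")
```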