Can someone explain this command to me?
UBQN_R01(config-line)#login authentication ?
WORD Use an authentication list with this name.
default Use the default authentication list.
I set a password for VTY but it does not work?
NDNghia
18-01-2007, 10:13 PM
If you only want to set a password for the vty lines, do it as follows:
Router(config)#line vty 0 4 (for all vty lines; you can also set it for a single line like this: line vty 4)
Router(config-line)#password <password>
Router(config-line)#login
Router(config-line)#exit
This is the simplest way to authenticate access: the line password.
In addition, you can use AAA (access, authentication, authorization), with the two common protocols RADIUS and TACACS+, for authentication; this part is covered in CCNP Building Cisco Remote Access Network (CCNP 2).
About the login authentication command:
This is the command used when configuring AAA authentication.
When configuring AAA authentication, use the following three-step process for each aaa authentication command:
Step 1. Specify the authentication type, whether login, enable, PPP, and so on.
Step 2. Specify the method list as default or give it a name.
Step 3. List, in order, the authentication methods to be tried.
This command is used in step 3 when we apply a named authentication method, where the policies for authentication were defined in step 1.
Named method lists for login authentication are applied using the login authentication command.
Router(config-line)#login authentication [listname]
NDNghia
18-01-2007, 10:15 PM
A concrete example: a method named admins is defined to specify the authentication policies for the async lines.
It can also be applied to vty lines.
The configuration uses the RADIUS protocol.
aaa new-model
aaa authentication login admins local
aaa authentication ppp dialins group radius local
aaa authorization network default group radius local
aaa accounting network default start-stop group radius
username root password ALongPassword
radius-server host alcatraz
radius-server key myRaDiUSpassWoRd
interface group-async 1
 group-range 1 16
 encapsulation ppp
 ppp authentication ms-chap dialins
line 1 16
 autoselect ppp
 autoselect during-login
 login authentication admins
 modem dialin
The lines in this sample RADIUS AAA configuration are defined as follows:
• The aaa new-model command enables AAA network security services.
• The aaa authentication login admins local command defines another method list, "admins", for login authentication.
• The aaa authentication ppp dialins group radius local command defines the authentication method list "dialins," which specifies that RADIUS authentication then (if the RADIUS server does not respond) local authentication will be used on serial lines using PPP.
• The aaa authorization network default group radius local command is used to assign an address and other network parameters to the RADIUS user.
• The aaa accounting network default start-stop group radius command tracks PPP usage.
• The username command defines the username and password to be used for the PPP Password Authentication Protocol (PAP) caller identification.
• The radius-server host command defines the name of the RADIUS server host.
• The radius-server key command defines the shared secret text string between the network access server and the RADIUS server host.
• The interface group-async command selects and defines an asynchronous interface group.
• The group-range command defines the member asynchronous interfaces in the interface group.
• The encapsulation ppp command sets PPP as the encapsulation method used on the specified interfaces.
• The ppp authentication ms-chap dialins command selects MS-CHAP as the method of PPP authentication and applies the "dialins" method list to the specified interfaces.
• The line command switches the configuration mode from global configuration to line configuration and identifies the specific lines being configured.
• The autoselect ppp command configures the Cisco IOS software to allow a PPP session to start up automatically on these selected lines.
• The autoselect during-login command is used to display the username and password prompt without pressing the Return key. After the user logs in, the autoselect function (in this case, PPP) begins.
• The login authentication admins command applies the "admins" method list for login authentication.
• The modem dialin command configures modems attached to the selected lines to only accept incoming calls.
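As an added example (not part of the original posts and not Cisco's code): a small Python check that reads an IOS configuration and reports, for each line block, which login method list it applies and whether that list is actually defined. The sample configuration and the list name vtyusers are constructed, and the script assumes sub-commands are indented by one space as in show running-config output.

```python
import re

# Constructed sample based on the post's configuration, plus two vty blocks:
# one names a list ("vtyusers") that is never defined, one names no list.
SAMPLE = """\
aaa new-model
aaa authentication login admins group radius local
line 1 16
 autoselect ppp
 login authentication admins
line vty 0 4
 login authentication vtyusers
line vty 5 15
 transport input ssh
"""

def split_methods(text):
    """Split a method string in order, keeping 'group <name>' as one method."""
    tokens, out = text.split(), []
    while tokens:
        tok = tokens.pop(0)
        out.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
    return out

def line_lists(config):
    """Map each 'line ...' header to the list name it applies (None if unset)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = None
        elif raw.startswith(" ") and current:
            m = re.match(r"login authentication (\S+)", raw.strip())
            if m:
                blocks[current] = m.group(1)
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return {line header: (list name, ordered methods or None if undefined)}."""
    defined = {m.group(1): split_methods(m.group(2)) for m in
               re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M)}
    # Assumption: with aaa new-model, a line that names no list uses "default".
    return {hdr: (name or "default", defined.get(name or "default"))
            for hdr, name in line_lists(config).items()}

if __name__ == "__main__":
    for hdr, (name, methods) in audit(SAMPLE).items():
        print(f"{hdr}: list={name} methods={methods or 'NOT DEFINED'}")
```

A line reported with an undefined list is the case to review first, since the methods that will be tried on it are not the ones the named list was meant to enforce.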
NDNghia
18-01-2007, 10:16 PM
Reference link on AAA configuration:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a8.html