Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
When you configure authentication-method lists for RADIUS, you must create a separate
authentication-method list for Telnet or SSH CLI access and for CLI access to the Privileged EXEC
level and CONFIG levels of the CLI.
To create an authentication-method list that specifies RADIUS as the primary authentication method
for securing Telnet access to the CLI, enter the following commands.
device(config)#enable telnet authentication
device(config)#aaa authentication login default radius local
The commands above cause RADIUS to be the primary authentication method for securing Telnet
access to the CLI. If RADIUS authentication fails due to an error with the server, local authentication is
used instead.
To create an authentication-method list that specifies RADIUS as the primary authentication method
for securing access to Privileged EXEC level and CONFIG levels of the CLI, enter the following command.
device(config)#aaa authentication enable default radius local none
The command above causes RADIUS to be the primary authentication method for securing access to
Privileged EXEC level and CONFIG levels of the CLI. If RADIUS authentication fails due to an error
with the server, local authentication is used instead. If local authentication fails, no authentication is
used; the device automatically permits access.
Syntax: [no] aaa authentication { enable | login default } method1 [ method2-7 ]
The enable | login parameter specifies the type of access this authentication-method list
controls. You can configure one authentication-method list for each type of access.
The method1 parameter specifies the primary authentication method. The remaining optional method
parameters specify additional methods to try if an error occurs with the primary method. A method can
be one of the values listed in the Method Parameter column in the following table.
TABLE 7 Authentication method values

Method parameter   Description
line               Authenticate using the password you configured for Telnet access. The Telnet password is
                   configured using the enable telnet password... command. Refer to on page 32.
enable             Authenticate using the password you configured for the Super User privilege level. This
                   password is configured using the enable super-user-password... command. Refer to
                   Setting passwords for management privilege levels on page 32.
local              Authenticate using a local user name and password you configured on the device. Local
                   user names and passwords are configured using the username... command. Refer to on page 40.
tacacs             Authenticate using the database on a TACACS server. You also must identify the server to
                   the device using the tacacs-server command.
tacacs+            Authenticate using the database on a TACACS+ server. You also must identify the server to
                   the device using the tacacs-server command.
radius             Authenticate using the database on a RADIUS server. You also must identify the server to
                   the device using the radius-server command.
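
An added example, not part of the Brocade manual: a Python check that reads aaa authentication lines like the ones above and flags method lists that contain none, server-based methods with no matching radius-server or tacacs-server line, and lists with only server-based methods. The function name, the finding texts, and the radius-server host line with its address in the sample are assumptions constructed for the example.

```python
import re

# Method keywords from TABLE 7, plus "none" as used in the page's enable example.
KNOWN = {"line", "enable", "local", "tacacs", "tacacs+", "radius", "none"}
# Server-based methods and the command the page says must identify their server.
SERVER_CMD = {"radius": "radius-server", "tacacs": "tacacs-server", "tacacs+": "tacacs-server"}
AAA_RE = re.compile(r"^aaa authentication (enable|login) default\s+(.+)$")


def audit_method_lists(config_text):
    """Return {access_type: (methods, findings)} for each aaa authentication line."""
    # Accept lines pasted from a session by dropping a "device(config)#" style prompt.
    lines = [ln.strip().split("#", 1)[-1].strip() for ln in config_text.splitlines()]
    report = {}
    for line in lines:
        m = AAA_RE.match(line)
        if not m:
            continue
        access, methods = m.group(1), m.group(2).split()
        findings = [f"unknown method '{n}'" for n in methods if n not in KNOWN]
        if len(methods) > 7:
            findings.append("more than 7 methods")
        if "none" in methods:
            findings.append("'none' permits access with no authentication")
            if methods[-1] != "none":
                findings.append("methods after 'none' are never tried")
        for name in methods:
            cmd = SERVER_CMD.get(name)
            if cmd and not any(ln.startswith(cmd) for ln in lines):
                findings.append(f"'{name}' listed but no {cmd} line found")
        if set(methods) <= set(SERVER_CMD):
            findings.append("only server-based methods, nothing to try on a server error")
        report[access] = (methods, findings)
    return report


# Constructed sample: the page's three commands plus an assumed server definition.
SAMPLE = """\
device(config)#radius-server host 192.0.2.10
device(config)#enable telnet authentication
device(config)#aaa authentication login default radius local
device(config)#aaa authentication enable default radius local none
"""

if __name__ == "__main__":
    for access, (methods, findings) in audit_method_lists(SAMPLE).items():
        print(access, methods, findings or "ok")
```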
Security Access
53-1003088-03