
Radius authorization, Configuring exec authorization – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 69


TABLE 7 Authentication method values (Continued)

Method parameter    Description
none                Do not use any authentication method. The device automatically permits access.

NOTE
For examples of how to define authentication-method lists for types of authentication other than
RADIUS, refer to Authentication-method lists on page 75.

Entering privileged EXEC mode after a Telnet or SSH login

By default, a user enters User EXEC mode after a successful login through Telnet or SSH. Optionally,
you can configure the device so that a user enters Privileged EXEC mode after a Telnet or SSH login.
To do this, use the following command.

device(config)#aaa authentication login privilege-mode

Syntax: aaa authentication login privilege-mode

The user privilege level is based on the privilege level granted during login.

Configuring enable authentication to prompt for password only

If Enable authentication is configured on the device, when a user attempts to gain Super User access to
the Privileged EXEC and CONFIG levels of the CLI, by default he or she is prompted for a username
and password. You can configure the Brocade device to prompt only for a password. The device uses
the username entered at login, if one is available. If no username was entered at login, the device
prompts for both username and password.

To configure the Brocade device to prompt only for a password when a user attempts to gain Super
User access to the Privileged EXEC and CONFIG levels of the CLI, enter the following command.

device(config)#aaa authentication enable implicit-user

Syntax: [no] aaa authentication enable implicit-user

RADIUS authorization

Brocade devices support RADIUS authorization for controlling access to management functions in the
CLI. Two kinds of RADIUS authorization are supported:

• Exec authorization determines a user's privilege level when the user is authenticated.
• Command authorization consults a RADIUS server to get authorization for commands entered by the user.

Configuring exec authorization

When RADIUS exec authorization is performed, the Brocade device consults a RADIUS server to
determine the privilege level of the authenticated user. To configure RADIUS exec authorization on the
Brocade device, enter the following command.

device(config)#aaa authorization exec default radius
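
An added example, not from the Brocade guide: a small Python audit that reads a saved configuration and reports which of the AAA settings described on this page are in effect. The sample configuration, function names and note labels are constructed for illustration, and the method-list line assumes the usual `aaa authentication <type> default <method> ...` form.

```python
import re

# Constructed sample configuration (not from the guide). The method-list line
# assumes the usual form: aaa authentication <type> default <method> [<method> ...]
SAMPLE_CONFIG = """\
aaa authentication login default radius local none
aaa authentication enable default radius local
aaa authentication login privilege-mode
aaa authentication enable implicit-user
"""

def active_lines(config):
    """Normalize lines, strip a 'device(config)#' prompt, and apply 'no' forms in order."""
    active = []
    for raw in config.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", " ".join(raw.split()))
        if not line or line.startswith("!"):
            continue
        if line.startswith("no "):
            active = [l for l in active if l != line[3:]]
        else:
            active.append(line)
    return active

def audit_aaa(config):
    """Return sorted (label, detail) notes for the AAA settings this page covers."""
    lines = active_lines(config)
    notes = []
    for line in lines:
        m = re.match(r"aaa authentication (\S+) default (.+)$", line)
        if m and "none" in m.group(2).split():
            notes.append(("method-none", f"'{m.group(1)}' list can permit access unauthenticated"))
    if "aaa authentication login privilege-mode" in lines:
        notes.append(("privilege-mode", "Telnet/SSH logins enter Privileged EXEC directly"))
    if "aaa authorization exec default radius" not in lines:
        notes.append(("no-exec-authz", "RADIUS exec authorization is not configured"))
    if "aaa authentication enable implicit-user" in lines:
        notes.append(("implicit-user", "enable prompts for password only when a login username exists"))
    return sorted(notes)

if __name__ == "__main__":
    for label, detail in audit_aaa(SAMPLE_CONFIG):
        print(f"{label}: {detail}")
```
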


FastIron Ethernet Switch Security Configuration Guide


53-1003088-03