Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

53-1003231-02
Network OS Security Configuration
Managing user accounts with NETCONF overview ... 173
Default accounts in the local switch user database ... 174
Creating and modifying a user account ... 174
Role-based access control ... 179
Default roles ... 179
User-defined roles ... 180
Command access rules ... 182
Configuring a placeholder rule ... 183
Configuration examples ... 187
Password strength policy ... 189
Password encryption policy ... 190
Account lockout policy ... 192
Password interaction with remote AAA servers ... 193
Managing password policies ... 194
External Server Authentication
Remote server authentication with NETCONF overview ... 197
Login authentication mode ... 198
Setting and verifying the login authentication mode ... 198
Adding a RADIUS server to the client’s server list ... 203
Modifying the RADIUS server configuration ... 204
Removing a RADIUS server from a client’s server list ... 206
Configuring the client to use RADIUS for login authentication ... 206
Adding a TACACS+ server to the client’s server list ... 207
Modifying the TACACS+ server configuration ... 209
Removing a TACACS+ server from a client’s server list ... 210
Configuring the client to use TACACS+ for login authentication ... 211
TACACS+ accounting ... 211
Enabling login accounting ... 211
Enabling command accounting ... 212
Disabling accounting ... 214