beautypg.com

Resetting the login authentication mode, Changing the login authentication mode – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Page 279

background image

Setting and verifying the login authentication mode

The following procedure configures TACACS+ as the primary source of authentication and the switch-
local user database as the secondary source.

1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Enter the aaa authentication login command with the specified parameters.

switch(config)# aaa authentication login tacacs+ local

Broadcast message from root (pts/0) Tue Apr 5 16:34:12 2011...

AAA Server Configuration Change: all accounts will be logged out

3. Enter the do show running-config aaa command to display the configuration.

switch(config)# do

show running-config aaa

aaa authentication login tacacs+ local

4. Log in to the switch using an account with TACACS+-only credentials to verify that TACACS+ is

being used to authenticate the user.

Resetting the login authentication mode

1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Enter the no aaa authentication login command to remove the configured authentication sequence

and to restore the default value (Local only).

switch(config)# no aaa authentication login

3. Verify the configuration with the do show running-config aaa command.

switch(config)# do show running-config aaa

aaa authentication login local

4. Log in to the switch using an account with TACACS+-only credentials. The login should fail with an

"access denied" error.

5. Log in to the switch using an account with local-only credentials. The login should succeed.

Changing the login authentication mode

You can set the authentication mode with the aaa authentication login command, but you cannot
change or delete an existing authentication mode with the same command. You can only reset the
configuration to the default value using the no aaa authentication login command and then
reconfigure the authentication sequence to the correct value.

1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Enter the no aaa authentication login command to reset the configuration to the default value.

switch(config)# no aaa authentication login tacacs+ local

3. Enter the aaa authentication login command and specify the desired authentication mode.

switch(config)# aaa authentication login radius local

Broadcast message from root (pts/0) Tue Apr 5 16:34:12 2011...

AAA Server Configuration Change: all accounts will be logged out

4. Verify the configuration with the do show running-config aaa command.

switch(config)# do show running-config aaa

aaa authentication login radius local

5. Log in to the switch using an account with TACACS+ credentials. The login should fail with an

"access denied" error.

6. Log in to the switch using an account with RADIUS credentials. The login should succeed.

Setting and verifying the login authentication mode

Network OS Administrator’s Guide

279

53-1003225-04

See also other documents in the category Brocade Computer Accessories: