
Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

Configuring TACACS or TACACS+ security


The commands above cause TACACS or TACACS+ to be the primary authentication method for
securing Telnet or SSH access to the CLI. If TACACS or TACACS+ authentication fails due to an error
with the server, authentication is performed using local user accounts instead.

To create an authentication-method list that specifies TACACS or TACACS+ as the primary
authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI,
enter the following command.

Brocade(config)# aaa authentication enable default tacacs+ local none

The command above causes TACACS or TACACS+ to be the primary authentication method for
securing access to Privileged EXEC level and CONFIG levels of the CLI. If TACACS or TACACS+
authentication fails due to an error with the server, local authentication is used instead. If local
authentication fails, no authentication is used; the device automatically permits access.

For information on the command syntax, refer to “Examples of authentication-method lists”.

NOTE

For examples of how to define authentication-method lists for types of authentication other than
TACACS or TACACS+, refer to “Configuring authentication-method lists”.

Entering privileged EXEC mode after a console, Telnet or SSH login

By default, a user enters User EXEC mode after a successful login using a non-AAA method through
console, Telnet or SSH. Optionally, you can configure the device so that a user enters Privileged
EXEC mode after a console, Telnet or SSH login. To do this, use the following command.

Brocade(config)# aaa authentication login privilege-mode

Syntax: [no] aaa authentication login privilege-mode

The user’s privilege level is based on the privilege level granted during login.

Limitations when automatically entering Privileged EXEC mode for an SSH session with public-key authentication

Features that require user identity will continue to behave as if no user identity was provided.

Authentication, authorization and accounting will not be performed through AAA.

Enabling automatic entry into Privileged EXEC mode for an SSH session with public-key authentication

Example 1:

Brocade(config)# aaa authentication login default local

Brocade(config)# aaa authentication login privilege-mode

NOTE

After successful key-authentication, the SSH session will be placed into the Privileged EXEC mode.

Example 2:

Brocade(config)# aaa authentication enable default local

Brocade(config)# aaa authentication login privilege-mode

Brocade(config)# ip ssh password-authentication no

Brocade(config)# ip ssh interactive-authentication no
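
The following configuration check is an added example, not part of the Brocade guide. It scans saved configuration text for the two behaviours described on this page: a method list that falls through to none, and privilege-mode combined with key-only SSH. The sample configuration is constructed from the commands shown above, the severity labels are this example's own, and the input is assumed to be plain configuration lines without CLI prompts.

```python
import re

# Constructed sample configuration, built only from commands shown on this page.
SAMPLE_CONFIG = """\
aaa authentication login default tacacs+ local
aaa authentication enable default tacacs+ local none
aaa authentication login privilege-mode
ip ssh password-authentication no
ip ssh interactive-authentication no
"""

METHOD_LIST = re.compile(r"^aaa authentication (\S+) default (.+)$")
PRIV_MODE = "aaa authentication login privilege-mode"
KEY_ONLY = {"ip ssh password-authentication no",
            "ip ssh interactive-authentication no"}


def audit(config_text):
    """Return a list of (severity, message) findings; severities are assumed labels."""
    # Normalise whitespace and ignore negated ("no ...") commands.
    lines = [" ".join(raw.split()) for raw in config_text.splitlines()]
    active = {line for line in lines if line and not line.startswith("no ")}
    findings = []
    for line in sorted(active):
        match = METHOD_LIST.match(line)
        if not match:
            continue
        access, methods = match.group(1), match.group(2).split()
        if "none" in methods:
            # Per the guide: once the earlier methods fail, access is permitted.
            earlier = ", ".join(methods[:methods.index("none")]) or "nothing"
            findings.append(("high", f"{access}: list falls through to 'none' "
                                     f"after {earlier}; access is then permitted"))
    if PRIV_MODE in active:
        findings.append(("medium", "privilege-mode: logins start in Privileged EXEC"))
        if KEY_ONLY <= active:
            # Per the guide's limitations: public-key sessions are not handled by AAA.
            findings.append(("high", "key-only SSH with privilege-mode: sessions reach "
                                     "Privileged EXEC with no AAA authentication, "
                                     "authorization or accounting"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```
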