Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

Configuring RADIUS security

Within the authentication-method list, RADIUS is specified as the primary authentication method
and up to six backup authentication methods are specified as alternates. If RADIUS authentication
fails due to an error, the device tries the backup authentication methods in the order they appear in
the list.

When you configure authentication-method lists for RADIUS, you must create a separate
authentication-method list for Telnet or SSH CLI access and for CLI access to the Privileged EXEC
level and CONFIG levels of the CLI.

To create an authentication-method list that specifies RADIUS as the primary authentication
method for securing Telnet access to the CLI, enter the following commands.

Brocade(config)# enable telnet authentication

Brocade(config)# aaa authentication login default radius local

The commands above cause RADIUS to be the primary authentication method for securing Telnet
access to the CLI. If RADIUS authentication fails due to an error with the server, local authentication
is used instead.

To create an authentication-method list that specifies RADIUS as the primary authentication
method for securing access to Privileged EXEC level and CONFIG levels of the CLI, enter the
following command.

Brocade(config)# aaa authentication enable default radius local none

The command above causes RADIUS to be the primary authentication method for securing access
to Privileged EXEC level and CONFIG levels of the CLI. If RADIUS authentication fails due to an error
with the server, local authentication is used instead. If local authentication also fails, the final
none method applies: no authentication is used and the device automatically permits access.
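
The following audit script is an added example, not part of the Brocade guide. It parses the default authentication-method lists from a saved configuration and reports the fallback conditions described above, including a list that contains none. The sample configuration is constructed from the commands on this page, and the function names and finding texts are assumptions of this example.

```python
import re

MAX_METHODS = 7  # primary method plus up to six backups, as the guide states
AAA_RE = re.compile(r"^aaa authentication (login|enable) default\s+(.+)$")
PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")  # CLI prompt, if lines were pasted from a session

# Constructed sample built from the commands shown on this page.
SAMPLE_CONFIG = """\
Brocade(config)# enable telnet authentication
Brocade(config)# aaa authentication login default radius local
Brocade(config)# aaa authentication enable default radius local none
"""


def parse_method_lists(config):
    """Return {access_type: [methods in order]} for each default method list."""
    lists = {}
    for raw in config.splitlines():
        match = AAA_RE.match(PROMPT_RE.sub("", raw.strip()))
        if match:
            lists[match.group(1)] = match.group(2).split()
    return lists


def audit(config):
    """Return (access_type, finding) tuples; an empty list means no findings."""
    lists = parse_method_lists(config)
    findings = []
    for access in ("login", "enable"):  # the guide requires a separate list for each
        methods = lists.get(access)
        if methods is None:
            findings.append((access, "no authentication-method list defined"))
            continue
        if methods[0] != "radius":
            findings.append((access, "radius is not the primary method"))
        if methods == ["radius"]:
            findings.append((access, "no backup method if the RADIUS server errors"))
        if len(methods) > MAX_METHODS:
            findings.append((access, "more than six backup methods listed"))
        if "none" in methods:
            findings.append((access, "'none' listed: access is permitted "
                                     "without authentication when earlier methods fail"))
    return findings


if __name__ == "__main__":
    for access, finding in audit(SAMPLE_CONFIG):
        print(f"{access}: {finding}")
```

Ending the enable list at local instead of none leaves the audit with no findings for this sample.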

For information on the command syntax, refer to “Examples of authentication-method lists”.

NOTE

For examples of how to define authentication-method lists for types of authentication other than
RADIUS, refer to “Configuring authentication-method lists”.

Entering privileged EXEC mode after a Telnet or SSH login

By default, a user enters User EXEC mode after a successful login through Telnet or SSH. You can
configure the device so that a user enters Privileged EXEC mode after a Telnet or SSH login. To do
this, use the following command.

Brocade(config)# aaa authentication login privilege-mode

Syntax: [no] aaa authentication login privilege-mode

The user’s privilege level is based on the privilege level granted during login.

Configuring enable authentication to prompt for password only

If Enable authentication is configured on the device, by default, a user is prompted for a username
and password when the user attempts to gain Super User access to the Privileged EXEC and
CONFIG levels of the CLI. You can configure the Brocade device to prompt only for a password. The
device uses the username (up to 48 characters) entered at login, if one is available. If no username
was entered at login, the device prompts for both username and password.