Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

3. Enter “exit” to display the following login prompt on the console window.

"Press Enter key to login".

4. Press the Enter key to begin the login process.

The next prompt to appear is determined by the first method configured in the login
authentication configuration. If it is not TACACS+, the default prompts are used.

NOTE

If you use the aaa console command to enable AAA, you must make sure that the method
lists are configured to allow access. Otherwise, you will be locked out of the console.

Configuring AAA authentication-method lists for login

With AAA enabled on the console, you must configure an authentication-method list to set the
conditions for granting access to the console. The authentication methods supported on
Brocade devices include the following:

enable

line

local

radius

tacacs

tacacs+

none

When a list is configured, the first method listed is attempted at login. If that method is not
available (for example, a TACACS server cannot be reached), the next method is tried until a
method in the list is available or all methods have been tried. You can place the method
none at the end of a list to ensure that access will always be available if all active methods fail.

To configure an AAA authentication-method list for login, use the following command.

Brocade(config)# aaa authentication login default tacacs+ local none

In this configuration, tacacs+ would be tried first. If a tacacs+ server cannot be reached, the local
system password would be used. If this method fails, authentication would default to none.
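
A saved configuration can be checked for the two risks described above: a method list that cannot grant console access once AAA is enabled on the console, and a list that falls through to none. The following is an added example, not taken from the Brocade guide. The function name, finding codes and sample configurations are constructed for illustration, and it assumes the commands appear in the configuration text as they are written on this page.

```python
import re

# Method keywords from the page's list of supported authentication methods.
KNOWN = {"enable", "line", "local", "radius", "tacacs", "tacacs+", "none"}
SERVER = {"radius", "tacacs", "tacacs+"}  # methods that need a reachable server
LOGIN = re.compile(r"^aaa authentication login default\s+(\S.*)$")

def audit_login_methods(config_text):
    """Return sorted finding codes for the login method list in config_text."""
    console_aaa, methods = False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        # The page names the command "aaa console"; match on that suffix.
        if line.endswith("aaa console") and not line.startswith("no "):
            console_aaa = True
        m = LOGIN.match(line)
        if m:
            methods = m.group(1).split()  # assumption: a later line replaces an earlier one
    findings = set()
    if methods is None:
        if console_aaa:
            findings.add("LOCKOUT_NO_METHOD_LIST")
        return sorted(findings)
    if any(x not in KNOWN for x in methods):
        findings.add("UNKNOWN_METHOD")
    if "none" in methods:
        # none keeps access available when the other methods fail,
        # which means the console can be reached with no credential check.
        findings.add("UNAUTHENTICATED_FALLBACK")
        if methods.index("none") < len(methods) - 1:
            findings.add("METHODS_AFTER_NONE_UNREACHABLE")
    elif console_aaa and all(x in SERVER for x in methods):
        # Every method needs a server: an outage leaves no way into the console.
        findings.add("LOCKOUT_IF_SERVERS_DOWN")
    return sorted(findings)

# Constructed sample configurations (not taken from a real device).
PAGE_EXAMPLE = "aaa console\naaa authentication login default tacacs+ local none\n"
SERVER_ONLY = "aaa console\naaa authentication login default tacacs+ radius\n"
NO_NONE = "aaa console\naaa authentication login default tacacs+ local\n"

if __name__ == "__main__":
    for name, cfg in [("page example", PAGE_EXAMPLE), ("server only", SERVER_ONLY),
                      ("tacacs+ then local", NO_NONE)]:
        print(name, "->", audit_login_methods(cfg) or "no findings")
```

The page's own example list is reported as UNAUTHENTICATED_FALLBACK because it ends in none; whether that trade-off against lockout is acceptable depends on who can reach the console.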

Syntax: [no] aaa authentication login default enable line local none radius tacacs tacacs+

The enable option uses the enable password configured on the device to grant access to the
console.

The line option uses the line password configured on the device to grant access to the console.

The local option uses the local password configured on the device to grant access to the console.

The radius option uses authentication provided by a RADIUS server to grant access to the console.

The tacacs option uses authentication provided by a TACACS server to grant access to the console.

The tacacs+ option uses authentication provided by a TACACS+ server to grant access to the
console.