beautypg.com

Brocade TurboIron 24X Series Configuration Guide User Manual

Page 144

background image

110

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring RADIUS security

The command above causes RADIUS to be the primary authentication method for securing access
to Privileged EXEC level and CONFIG levels of the CLI. If RADIUS authentication fails due to an error
with the server, local authentication is used instead. If local authentication fails, no authentication
is used; the device automatically permits access.

Syntax: [no] aaa authentication enable | login default [] []

[] [] [] []

The web-server | enable | login parameter specifies the type of access this authentication-method
list controls. You can configure one authentication-method list for each type of access.

The parameter specifies the primary authentication method. The remaining optional
parameters specify additional methods to try if an error occurs with the primary method.
A method can be one of the values listed in the Method Parameter column in the following table.

NOTE

For examples of how to define authentication-method lists for types of authentication other than
RADIUS, refer to

“Configuring authentication-method lists”

on page 115.

Entering privileged EXEC mode after a Telnet or SSH login

By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.

TurboIron(config)#aaa authentication login privilege-mode

Syntax: aaa authentication login privilege-mode

The user privilege level is based on the privilege level granted during login.

TABLE 25

Authentication method values

Method parameter

Description

line

Authenticate using the password you configured for Telnet access. The Telnet password is
configured using the enable telnet password… command. Refer to

“Setting a Telnet

password”

on page 74.

enable

Authenticate using the password you configured for the Super User privilege level. This
password is configured using the enable super-user-password… command. Refer to

“Setting passwords for management privilege levels”

on page 74.

local

Authenticate using a local user name and password you configured on the device. Local
user names and passwords are configured using the username… command. Refer to

“Configuring a local user account”

on page 82.

tacacs

Authenticate using the database on a TACACS server. You also must identify the server to
the device using the tacacs-server command.

tacacs+

Authenticate using the database on a TACACS+ server. You also must identify the server to
the device using the tacacs-server command.

radius

Authenticate using the database on a RADIUS server. You also must identify the server to
the device using the radius-server command.

none

Do not use any authentication method. The device automatically permits access.

See also other documents in the category Brocade Computer Accessories: