beautypg.com

Configuring radius authorization, Configuring exec authorization – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Page 106

background image

94

Brocade Virtual ADX Administration Guide

53-1003249-01

Configuring RADIUS security

2

NOTE

For examples of how to define authentication-method lists for types of authentication other than
RADIUS, refer to

“Configuring authentication-method lists”

on page 99.

Entering privileged EXEC mode after a Telnet or SSH login

By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.

Virtual ADX(config)#aaa authentication login privilege-mode

Syntax: aaa authentication login privilege-mode

The user’s privilege level is based on the privilege level granted during login.

Configuring enable authentication to prompt for password only

If Enable authentication is configured on the device, when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI, by default he or she is prompted for a
username and password. You can configure the Brocade Virtual ADX to prompt only for a password.
The device uses the username entered at login, if one is available. If no username was entered at
login, the device prompts for both username and password.

To configure the Brocade Virtual ADX to prompt only for a password when a user attempts to gain
Super User access to the Privileged EXEC and CONFIG levels of the CLI, enter the following
command.

Virtual ADX(config)#aaa authentication enable implicit-user

Syntax: [no] aaa authentication enable implicit-user

Configuring RADIUS authorization

Brocade Virtual ADX devices support RADIUS authorization for controlling access to management
functions in the CLI. Two kinds of RADIUS authorization are supported:

Exec authorization determines a user’s privilege level when they are authenticated

Command authorization consults a RADIUS server to get authorization for commands entered
by the user

Configuring Exec authorization

When RADIUS exec authorization is performed, the Brocade Virtual ADX consults a RADIUS server
to determine the privilege level of the authenticated user. To configure RADIUS exec authorization
on the Brocade Virtual ADX, enter the following command.

Virtual ADX(config)#aaa authorization exec default radius

Syntax: aaa authorization exec default radius | none

If you specify none, or omit the aaa authorization exec command from the device’s configuration,
no exec authorization is performed.

See also other documents in the category Brocade Computer Accessories: