beautypg.com

Examples of authentication-method lists – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Page 112

background image

100

Brocade Virtual ADX Administration Guide

53-1003249-01

Configuring authentication-method lists

2

Configuration considerations for authentication-method lists

For CLI access, you must configure authentication-method lists if you want the device to
authenticate access using local user accounts or a RADIUS server. Otherwise, the device will
authenticate using only the locally based password for the Super User privilege level.

When no authentication-method list is configured specifically for Web management access,
the device performs authentication using the SNMP community strings:

For read-only access, you can use the user name “get” and the password “public”. The
default read-only community string is “public”.

There is no default read-write community string. Thus, by default, you cannot open a
read-write management session using the Web Management Interface. You first must
configure a read-write community string using the CLI. Then you can log on using “set” as
the user name and the read-write community string you configure as the password. Refer
to

“Configuring TACACS or TACACS+ security”

on page 69.

If you configure an authentication-method list for Web management access and specify “local”
as the primary authentication method, users who attempt to access the device using the Web
Management Interface must supply a user name and password configured in one of the local
user accounts on the device. The user cannot access the device by entering “set” or “get” and
the corresponding SNMP community string.

For devices that can be managed using the default authentication method (if no
authentication-method list is configured for SNMP) is the CLI Super User level password. If no
Super User level password is configured, then access through is not authenticated. To use local
user accounts to authenticate access through, configure an authentication-method list for
SNMP access and specify “local” as the primary authentication method.

Examples of authentication-method lists

Example

The following example shows how to configure authentication-method lists for the Web
Management Interface, and the Privileged EXEC and CONFIG levels of the CLI. The primary
authentication method for each is “local”. The device will authenticate access attempts using the
locally configured user names and passwords first.

To configure an authentication-method list for the Web Management Interface, enter a command
such as the following.

Virtual ADX(config)#aaa authentication web-server default local

This command configures the device to use the local user accounts to authenticate access to the
device through the Web Management Interface. If the device does not have a user account that
matches the user name and password entered by the user, the user is not granted access.

To configure an authentication-method list, enter a command such as the following.

Virtual ADX(config)#aaa authentication snmp-server default local

This command configures the device to use the local user accounts to authenticate access
attempts.

To configure an authentication-method list for the Privileged EXEC and CONFIG levels of the CLI,
enter the following command.

Virtual ADX(config)#aaa authentication enable default local

See also other documents in the category Brocade Computer Accessories: