beautypg.com

Configuring remote logon authentication servers, Figure 161 confi – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual

Page 873

background image

Brocade 6910 Ethernet Access Switch Configuration Guide

823

53-1002581-01

AAA Authentication, Authorization and Accounting

41

Command Usage

By default, management access is always checked against the authentication database stored
on the local switch. If a remote authentication server is used, you must specify the
authentication sequence. Then specify the corresponding parameters for the remote
authentication protocol using the Security > AAA > Server page. Local and remote logon
authentication control management access via the console port, web browser, or Telnet.

You can specify up to three authentication methods for any user to indicate the authentication
sequence. For example, if you select (1) RADIUS, (2) TACACS and (3) Local, the user name and
password on the RADIUS server is verified first. If the RADIUS server is not available, then
authentication is attempted using the TACACS+ server, and finally the local user name and
password is checked.

Parameters

These parameters are displayed:

Authentication Sequence – Select the authentication, or authentication sequence required:

Local – User authentication is performed only locally by the switch.

RADIUS – User authentication is performed using a RADIUS server only.

TACACS – User authentication is performed using a TACACS+ server only.

[authentication sequence] – User authentication is performed by up to three
authentication methods in the indicated sequence.

Interface

To configure the method(s) of controlling management access:

1. Click Security, AAA, System Authentication.

2. Specify the authentication sequence (i.e., one to three methods).

3. Click Apply.

FIGURE 161

Configuring the Authentication Sequence

Configuring Remote Logon Authentication Servers

Use the Security > AAA > Server page to configure the message exchange parameters for RADIUS
or TACACS+ remote access authentication servers.

Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access
Control System Plus (TACACS+) are logon authentication protocols that use software running on a
central server to control access to RADIUS-aware or TACACS-aware devices on the network. An
authentication server contains a database of multiple user name/password pairs with associated
privilege levels for each user that requires management access to the switch.

See also other documents in the category Brocade Communications Systems Computer Accessories: