Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

53-1002746-01

aaaConfig

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.

OPERANDS

This command has the following operands:

server

Specifies the server by IP address (in dot-decimal notation) or by server name.
IPv6 addresses are supported. If a name is used, a DNS entry must be correctly
configured for the server. If the specified server IP address or name already
exists in the current configuration, the command fails and generates an error.
However, the command does not validate the server name against the IP address in
the configuration. Avoid configuring the same server twice, once by name and
once by IP address.

--show

Displays the current AAA service configuration.

--add | --change server [options]

Adds or modifies a RADIUS, LDAP, or TACACS+ server. The --add option
appends the specified server to the end of the current configuration list. A
maximum of 5 servers are supported for each authentication type. The --change
option modifies the specified server configuration to use the new arguments. The
server must be one of the IP addresses or names shown in the current
configuration.

The following options are supported:

-conf radius | ldap | tacacs+

Specifies the server configuration as either RADIUS, LDAP, or TACACS+. This
operand is required.

The following operands are optional:

-p port

Specifies the RADIUS, LDAP, or TACACS+ server port number. Supported
range is 1 to 65535. The default port is 1812 for RADIUS authentication. The
default port is 389 for LDAP authentication. The default port is 49 for
TACACS+ authentication. This operand is optional. If no port is specified, the
default is used.

-t timeout

Specifies the response timeout for the RADIUS, LDAP, or TACACS+
server. The supported range is 1 to 30 seconds. The default is 3 seconds.
This operand is optional. If no timeout is specified, the default is used.

-d domain

Specifies the Windows domain name for the LDAP server, for example,
brocade.com. This option is valid only with the -conf ldap option. This
operand is required.

-s secret

Specifies a common secret between the switch and the RADIUS or
TACACS+ server. The secret must be between 8 and 40 characters long.
This option is valid only with the -conf radius or -conf tacacs+ options, and it is
optional. The default value is sharedsecret.

-a

Specifies the remote authentication protocol for the RADIUS or TACACS+
server. This operand is valid with -conf radius or -conf tacacs+ options,
and it is optional. The default value for this operand is CHAP.
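
The operand rules above can be checked before a change script is run on a switch. The following linter is an added example, not part of the Fabric OS manual or any Brocade tool: it applies the ranges and defaults stated on this page to `aaaconfig --add` and `--change` lines and flags any `--add` that omits `-s`, since the server would then use the published default secret. The function name, the sample lines, and the assumption that every option takes exactly one value are illustrative.

```python
import shlex

CONF_TYPES = ("radius", "ldap", "tacacs+")   # values of -conf listed on this page
DEFAULT_SECRET = "sharedsecret"              # documented default for -s

def lint_aaaconfig(lines):
    """Return (line_number, message) findings for aaaconfig --add/--change lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        tok = shlex.split(line)
        if len(tok) < 3 or tok[0].lower() != "aaaconfig" or tok[1] not in ("--add", "--change"):
            continue
        # Assumption: every option is followed by exactly one value.
        opts = dict(zip(tok[3::2], tok[4::2]))
        conf = opts.get("-conf")
        if conf not in CONF_TYPES:
            findings.append((n, "-conf must be radius, ldap or tacacs+"))
            continue
        for flag, lo, hi in (("-p", 1, 65535), ("-t", 1, 30)):
            val = opts.get(flag)
            if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
                findings.append((n, f"{flag} outside {lo}-{hi}"))
        if conf == "ldap":
            if "-d" not in opts:
                findings.append((n, "-d domain is required with -conf ldap"))
            if "-s" in opts:
                findings.append((n, "-s is valid only with radius or tacacs+"))
            continue
        if "-d" in opts:
            findings.append((n, "-d is valid only with -conf ldap"))
        secret = opts.get("-s")
        if secret is None and tok[1] == "--add":
            findings.append((n, "no -s given: default secret 'sharedsecret' applies"))
        elif secret == DEFAULT_SECRET:
            findings.append((n, "secret equals the documented default"))
        elif secret is not None and not 8 <= len(secret) <= 40:
            findings.append((n, "secret must be 8 to 40 characters"))
    return findings

SAMPLE = [  # constructed input; addresses, names and secrets are placeholders
    "aaaconfig --add 192.0.2.10 -conf radius -p 1812 -t 3",
    "aaaconfig --add 192.0.2.11 -conf tacacs+ -s Xq7-constructed-value -t 45",
    "aaaconfig --add ldap.example.com -conf ldap -p 389",
    "aaaconfig --change 192.0.2.10 -conf radius -s short",
]

if __name__ == "__main__":
    for n, msg in lint_aaaconfig(SAMPLE):
        print(f"line {n}: {msg}")
```

The linter compares server strings only as written, so it cannot detect the same server configured once by name and once by IP address, which the command itself also does not check.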