Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsSwitch4100
61626364656667686970
3-18 Fabric OS Administrator’s Guide
Publication Number: 53-0000518-09
Configuring for the SSL Protocol
3
Enabling and Disabling Local Authentication
It is useful to enable local authentication so that the switch can take over authentication locally if the
RADIUS servers fail to respond because of power outage or network problems. To enable or disable
local authentication, enter the following command:
Specifying on enables local authentication; specifying off disables it.
When local authentication is enabled and RADIUS servers fail to respond, you can log in to the default
switch accounts (admin and user) or any user-defined account. You must know the passwords of these
accounts.
RADIUS authentication must be enabled when local database authentication is turned off from the on
state; otherwise, an error is returned.
Because local database authentication might be automatically disabled or enabled when enabling or
disabling RADIUS authentication, you should set the local database authentication explicitly to enabled
or disabled after setting the desired RADIUS authentication configuration.
When the command succeeds, the event log indicates that local database authentication is disabled
or enabled.
Configuring for the SSL Protocol
Fabric OS v4.4.0 and later supports secure sockets layer (SSL) protocol, which provides secure access
to a fabric through Web-based management tools like Web Tools. SSL support is a standard Fabric OS
feature; it is independent of Secure Fabric OS, which requires a license and separate certification.
Switches configured for SSL grant access to management tools through hypertext transfer protocol-
secure links (which begin with https://) instead of standard links (which begin with http://).
SSL uses public key infrastructure (PKI) encryption to protect data transferred over SSL connections.
PKI is based on digital certificates obtained from an Internet Certificate Authority (CA), which acts as
the trusted key agent.
Certificates are based on the switch IP address or fully qualified domain name (FQDN), depending on
the issuing CA. If you change a switch IP address or FQDN after activating an associated certificate,
you might have to obtain and install a new certificate. Check with the CA to verify this possibility, and
plan these types of changes accordingly.
Browser and Java Support
Fabric OS supports the following Web browsers for SSL connections:
Internet Explorer (Microsoft Windows)
Mozilla (Solaris and Red Hat Linux)
switch:admin> aaaConfig --switchdb on | off