Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
141142143144145146147148149150
ServerIron ADX Administration Guide 131
53-1002434-01
Configuring RADIUS security
2
NOTE
For examples of how to define authentication-method lists for types of authentication other than
RADIUS, refer to “Configuring authentication-method lists” on page 136.
Entering privileged EXEC mode after a Telnet or SSH login
By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.
ServerIronADX(config)# aaa authentication login privilege-mode
Syntax: aaa authentication login privilege-mode
The user’s privilege level is based on the privilege level granted during login.
Configuring enable authentication to prompt for password only
If Enable authentication is configured on the device, when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI, by default he or she is prompted for a
username and password. You can configure the ServerIron to prompt only for a password. The
device uses the username entered at login, if one is available. If no username was entered at
login, the device prompts for both username and password.
To configure the ServerIron to prompt only for a password when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI.
ServerIronADX(config)# aaa authentication enable implicit-user
Syntax: [no] aaa authentication enable implicit-user
Configuring RADIUS authorization
ServerIrons support RADIUS authorization for controlling access to management functions in the
CLI. Two kinds of RADIUS authorization are supported:
Exec authorization determines a user’s privilege level when they are authenticated
Command authorization consults a RADIUS server to get authorization for commands entered
by the user
Configuring Exec authorization
When RADIUS exec authorization is performed, the ServerIron consults a RADIUS server to
determine the privilege level of the authenticated user. To configure RADIUS exec authorization on
the ServerIron, enter the following command.
ServerIronADX(config)# aaa authorization exec default radius
Syntax: aaa authorization exec default radius | none
If you specify none, or omit the aaa authorization exec command from the device’s configuration,
no exec authorization is performed.