Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

231

232

233

234

235

236

237

238

239

240

FastIron Configuration Guide 175

53-1002494-02

Authentication-method lists

Configuration considerations for authentication-

method lists

• For CLI access, you must configure authentication-method lists if you want the device to

authenticate access using local user accounts or a RADIUS server. Otherwise, the device will

authenticate using only the locally based password for the Super User privilege level.

• When no authentication-method list is configured specifically for Web management access,

the device performs authentication using the SNMP community strings:

• For read-only access, you can use the user name “get” and the password “public”. The

default read-only community string is “public”.

• There is no default read-write community string. Thus, by default, you cannot open a

read-write management session using the Web Management Interface. You first must

configure a read-write community string using the CLI. Then you can log on using “set” as

the user name and the read-write community string you configure as the password. Refer

to “TACACS and TACACS+ security” on page 139.

• If you configure an authentication-method list for Web management access and specify “local”

as the primary authentication method, users who attempt to access the device using the Web

Management Interface must supply a user name and password configured in one of the local

user accounts on the device. The user cannot access the device by entering “set” or “get” and

the corresponding SNMP community string.

Examples of authentication-method lists

The following examples show how to configure authentication-method lists. In these examples, the

primary authentication method for each is “local”. The device will authenticate access attempts

using the locally configured usernames and passwords.

The command syntax for each of the following examples is provided in “Command Syntax” on

page 176.

Example 1

To configure an authentication-method list for the Web Management Interface, enter a command

such as the following.

Brocade(config)#aaa authentication web-server default local

This command configures the device to use the local user accounts to authenticate access to the

device through the Web Management Interface. If the device does not have a user account that

matches the user name and password entered by the user, the user is not granted access.

Example 2

To configure an authentication-method list for SNMP, enter a command such as the following.

Brocade(config)#aaa authentication snmp-server default local

This command allows certain incoming SNMP SET operations to be authenticated using the locally

configured usernames and passwords. When this command is enabled, community string

validation is not performed for incoming SNMP V1 and V2c packets. This command takes effect as

long as the first varbind for SNMP packets is set to one of the following:

• snAgGblPassword=”<username> <password>” (for AAA method local)