Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
231232233234235236237238239240
176 FastIron Configuration Guide
53-1002494-02
Authentication-method lists
snAgGblPassword=”<password>” (for AAA method line, enable)
NOTE
Certain SNMP objects need additional validation. These objects include but are not limited to:
snAgReload, snAgWriteNVRAM, snAgConfigFromNVRAM, snAgImgLoad, snAgCfgLoad and
snAgGblTelnetPassword. For more information, see snAgGblPassword in the IronWare MIB
Reference Guide.
If AAA is set up to check both the username and password, the string contains the username,
followed by a space then the password. If AAA is set up to authenticate with the current Enable or
Line password, the string contains the password only.
Note that the above configuration can be overridden by the command no snmp-server pw-check,
which disables password checking for SNMP SET requests.
Example 3
To configure an authentication-method list for the Privileged EXEC and CONFIG levels of the CLI,
enter the following command.
Brocade(config)#aaa authentication enable default local
This command configures the device to use the local user accounts to authenticate attempts to
access the Privileged EXEC and CONFIG levels of the CLI.
Example 4
To configure the device to consult a RADIUS server first to authenticate attempts to access the
Privileged EXEC and CONFIG levels of the CLI, then consult the local user accounts if the RADIUS
server is unavailable, enter the following command.
Brocade(config)#aaa authentication enable default radius local
Command Syntax
The following is the command syntax for the preceding examples.
Syntax: [no] aaa authentication snmp-server | web-server | enable | login default <method1>
[<method2>] [<method3>] [<method4>] [<method5>] [<method6>] [<method7>]
The snmp-server | web-server | enable | login parameter specifies the type of access this
authentication-method list controls. You can configure one authentication-method list for each type
of access.
NOTE
TACACS/TACACS+ and RADIUS are supported only with the enable and login parameters.
The <method1> parameter specifies the primary authentication method. The remaining optional
<method> parameters specify additional methods to try if an error occurs with the primary method.
A method can be one of the values listed in the Method Parameter column in the following table.