Reference Guide

Configuring local authentication as backup

It is useful to enable local authentication, so that the switch can take over authentication locally if the RADIUS or LDAP servers fail to

respond because of power outage or network problems.

1. Connect to the switch and log in using an account with admin permissions.

2. Enter the aaaConfig --authspec command to enable or disable RADIUS, LDAP, or TACACS+ with local authentication as a

backup authentication mechanism.

You must specify the type of service as one of RADIUS, LDAP, or TACACS+. Local is used for local authentication if the user

authentication fails on the authentication server.

Example for RADIUS

Example of enabling local authentication as a backup for RADIUS.

switch:admin> aaaconfig --authspec "radius;local" -backup

Example for LDAP

switch:admin> aaaconfig --authspec "ldap;local" -backup

Example for TACACS+

switch:admin> aaaconfig --authspec "tacacs+;local" -backup

For details about the aaaConfig command refer toCommand options on page 162.

When local authentication is enabled and the authentication servers fail to respond, you can log in to the default switch accounts (admin

and user) or any user-defined account. You must know the passwords of these accounts.

When the aaaConfig command succeeds, the event log indicates that local database authentication is disabled or enabled.

Managing User Accounts

Brocade Fabric OS Administration Guide, 8.0.1

184 53-1004111-02