Configuring tacacs+ authorization, Configuring exec authorization – Brocade TurboIron 24X Series Configuration Guide User Manual


Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring TACACS/TACACS+ security

TurboIron(config)#aaa authentication login privilege-mode

Syntax: aaa authentication login privilege-mode

The user privilege level is based on the privilege level granted during login.

Configuring enable authentication to prompt for password only

If Enable authentication is configured on the device, when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI, by default he or she is prompted for a
username and password. You can configure the device to prompt only for a password. The device
uses the username entered at login, if one is available. If no username was entered at login, the
device prompts for both username and password.

To configure the device to prompt only for a password when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI, enter the following command.

TurboIron(config)#aaa authentication enable implicit-user

Syntax: [no] aaa authentication enable implicit-user

Telnet/SSH prompts when the TACACS+ Server is unavailable

When TACACS+ is the first method in the authentication method list, the device displays the login
prompt received from the TACACS+ server. If a user attempts to log in through Telnet or SSH, but
none of the configured TACACS+ servers are available, the following takes place:

If the next method in the authentication method list is "enable", the login prompt is skipped,
and the user is prompted for the Enable password (that is, the password configured with the
enable super-user-password command).

If the next method in the authentication method list is "line", the login prompt is skipped, and
the user is prompted for the Line password (that is, the password configured with the enable
telnet password command).

Configuring TACACS+ authorization

Devices support TACACS+ authorization for controlling access to management functions in the CLI.
Two kinds of TACACS+ authorization are supported:

Exec authorization determines a user's privilege level when the user is authenticated.

Command authorization consults a TACACS+ server to get authorization for commands entered
by the user.

Configuring exec authorization

When TACACS+ exec authorization is performed, the device consults a TACACS+ server to
determine the privilege level of the authenticated user. To configure TACACS+ exec authorization on
the device, enter the following command.

TurboIron(config)#aaa authorization exec default tacacs+

Syntax: aaa authorization exec default tacacs+ | none

If you specify none, or omit the aaa authorization exec command from the device configuration, no
exec authorization is performed.
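
The following audit script is an added example, not part of the Brocade manual. It reads a saved configuration and reports which password prompt Telnet/SSH users fall back to when no TACACS+ server answers, and whether exec authorization is performed. The sample configuration is constructed, and the "aaa authentication login default" method-list line is assumed, since this page does not show it.

```python
import re

# Constructed sample config, not taken from the manual. The method-list line
# "aaa authentication login default ..." is assumed; this page does not show it.
SAMPLE_CONFIG = """\
aaa authentication login default tacacs+ enable
aaa authentication login privilege-mode
aaa authentication enable implicit-user
"""

# Prompt shown to Telnet/SSH users when no TACACS+ server answers,
# keyed by the method that follows tacacs+ in the list (per the text above).
OUTAGE_PROMPT = {"enable": "Enable password", "line": "Line password"}


def audit_aaa(config: str) -> dict:
    """Summarise login fallback and exec authorization for one config."""
    methods, exec_authz = [], "none"  # omitted command means no exec authorization
    lines = [ln.strip() for ln in config.splitlines()]
    for ln in lines:
        m = re.fullmatch(r"aaa authentication login default\s+(.+)", ln)
        if m:
            methods = m.group(1).split()
        m = re.fullmatch(r"aaa authorization exec default\s+(\S+)", ln)
        if m:
            exec_authz = m.group(1)

    fallback = None
    findings = []
    if methods[:1] == ["tacacs+"] and len(methods) > 1:
        fallback = methods[1]
        if fallback in OUTAGE_PROMPT:
            findings.append(
                f"TACACS+ outage: login prompt skipped, only the "
                f"{OUTAGE_PROMPT[fallback]} is requested"
            )
    if exec_authz != "tacacs+":
        findings.append("exec authorization not performed by TACACS+")

    return {
        "fallback": fallback,
        "exec_authz": exec_authz,
        "privilege_mode": "aaa authentication login privilege-mode" in lines,
        "implicit_user": "aaa authentication enable implicit-user" in lines,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG)["findings"]:
        print(finding)
```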
