Examples of authentication-method lists – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 151

Advertising
background image

Brocade TurboIron 24X Series Configuration Guide

117

53-1003053-01

Configuring authentication-method lists

Examples of authentication-method lists

The following examples show how to configure authentication-method lists. In these examples, the
primary authentication method for each is “local”. The device will authenticate access attempts
using the locally configured usernames and passwords.

The command syntax for each of the following examples is provided in

“Command Syntax”

on

page 117.

Example 1

To configure an authentication-method list for SNMP, enter a command such as the following.

TurboIron(config)#aaa authentication snmp-server default local

This command allows certain incoming SNMP SET operations to be authenticated using the locally
configured usernames and passwords. When this command is enabled, community string
validation is not performed for incoming SNMP V1 and V2c packets. This command takes effect as
long as the first varbind for SNMP packets is set to one of the following:

snAgGblPassword=”<username> <password>” (for AAA method local)

snAgGblPassword=”<password>” (for AAA method line, enable)

NOTE

Certain SNMP objects need additional validation. These objects include but are not limited to:
snAgReload, snAgWriteNVRAM, snAgConfigFromNVRAM, snAgImgLoad, snAgCfgLoad and
snAgGblTelnetPassword. For more information, see snAgGblPassword in the IronWare MIB
Reference.

If AAA is set up to check both the username and password, the string contains the username,
followed by a space then the password. If AAA is set up to authenticate with the current Enable or
Line password, the string contains the password only.

Note that the above configuration can be overridden by the command no snmp-server pw-check,
which disables password checking for SNMP SET requests.

Example 2

To configure an authentication-method list for the Privileged EXEC and CONFIG levels of the CLI,
enter the following command.

TurboIron(config)#aaa authentication enable default local

This command configures the device to use the local user accounts to authenticate attempts to
access the Privileged EXEC and CONFIG levels of the CLI.

Example 3

To configure the device to consult a RADIUS server first to authenticate attempts to access the
Privileged EXEC and CONFIG levels of the CLI, then consult the local user accounts if the RADIUS
server is unavailable, enter the following command.

TurboIron(config)#aaa authentication enable default radius local

Command Syntax

The following is the command syntax for the preceding examples.

Syntax: [no] aaa authentication snmp-server | web-server | enable | login default <method1>

[<method2>] [<method3>] [<method4>] [<method5>] [<method6>] [<method7>]

Advertising
Popular Brands
Popular manuals