Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Page 89


53-1003249-01

Configuring TACACS or TACACS+ security


Within the authentication-method list, TACACS or TACACS+ is specified as the primary
authentication method and up to six backup authentication methods are specified as alternates. If
TACACS or TACACS+ authentication fails due to an error, the device tries the backup authentication
methods in the order they appear in the list.

When you configure authentication-method lists for TACACS or TACACS+ authentication, you must
create a separate authentication-method list for Telnet or SSH CLI access, and for access to the
Privileged EXEC level and CONFIG levels of the CLI.

To create an authentication-method list that specifies TACACS or TACACS+ as the primary
authentication method for securing Telnet or SSH access to the CLI, enter the following commands.

Virtual ADX(config)#enable telnet authentication

Virtual ADX(config)#aaa authentication login default tacacs local

The commands above cause TACACS or TACACS+ to be the primary authentication method for
securing Telnet or SSH access to the CLI. If TACACS or TACACS+ authentication fails due to an error
with the server, authentication is performed using local user accounts instead.

To create an authentication-method list that specifies TACACS or TACACS+ as the primary
authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI,
enter the following command.

Virtual ADX(config)#aaa authentication enable default tacacs local none

The command above causes TACACS or TACACS+ to be the primary authentication method for
securing access to Privileged EXEC level and CONFIG levels of the CLI. If TACACS or TACACS+
authentication fails due to an error with the server, local authentication is used instead. If local
authentication fails, no authentication is used; the device automatically permits access.

Syntax: [no] aaa authentication enable | login default method1 [method2] [method3] [method4] [method5] [method6] [method7]

The web-server | enable | login parameter specifies the type of access this authentication-method
list controls. You can configure one authentication-method list for each type of access.
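
The following is an added example, not part of the Brocade guide: a small Python audit that reads pasted aaa authentication lines and reports method lists that can fall through to none, exceed seven methods, repeat an access type, or leave login or enable without a list. The function names, finding codes and sample input are constructed for illustration.

```python
import re

# Matches the three access types named on this page.
AAA_RE = re.compile(r"^aaa authentication (login|enable|web-server) default\s+(.+)$")
MAX_METHODS = 7  # method1 plus up to six backups

# Constructed sample input, built from the two examples on this page.
SAMPLE_CONFIG = """\
Virtual ADX(config)#enable telnet authentication
Virtual ADX(config)#aaa authentication login default tacacs local
Virtual ADX(config)#aaa authentication enable default tacacs local none
"""


def parse_method_lists(config_text):
    """Return [(access_type, [method, ...])] for each authentication-method list."""
    lists = []
    for raw in config_text.splitlines():
        # Drop a pasted CLI prompt such as 'Virtual ADX(config)#' if present.
        line = raw.split("#", 1)[-1].strip()
        match = AAA_RE.match(line)
        if match:
            lists.append((match.group(1), match.group(2).split()))
    return lists


def audit(config_text):
    """Return [(access_type, finding_code)] in the order problems are found."""
    findings, seen = [], set()
    for access, methods in parse_method_lists(config_text):
        if access in seen:
            findings.append((access, "DUPLICATE_LIST"))  # one list per access type
        seen.add(access)
        if len(methods) > MAX_METHODS:
            findings.append((access, "TOO_MANY_METHODS"))
        if "none" in methods:
            # Reaching 'none' means the device permits access unauthenticated.
            findings.append((access, "NONE_FALLBACK"))
    # CLI access and Privileged EXEC/CONFIG access each need their own list.
    for required in ("login", "enable"):
        if required not in seen:
            findings.append((required, "MISSING_LIST"))
    return findings


if __name__ == "__main__":
    for access, code in audit(SAMPLE_CONFIG):
        print(f"{access}: {code}")
```
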

NOTE

If you configure authentication for Web management access, authentication is performed each time
a page is requested from the server. When frames are enabled on the Web Management Interface,
the browser sends an HTTP request for each frame. The Brocade Virtual ADX authenticates each
HTTP request from the browser. To limit authentications to one per page, disable frames on the Web
Management Interface.

The method1 variable specifies the primary authentication method. The remaining optional
method variables specify additional methods to try if an error occurs with the primary method. A
method can be one of the values listed in the Method column in the following table.

TABLE 7   Authentication method values

Method   Description

line     Authenticate using the password you configured for Telnet access. The
         Telnet password is configured using the enable telnet password…
         command. Refer to “Setting a Telnet password” on page 62.

enable   Authenticate using the password you configured for the Super User
         privilege level. This password is configured using the enable
         super-user-password… command. Refer to “Setting passwords for
         management privilege levels” on page 63.
