Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Configuring TACACS or TACACS+ security


NOTE

For examples of how to define authentication-method lists for types of authentication other than TACACS or TACACS+, refer to “Configuring authentication-method lists” on page 99.

Entering privileged EXEC mode after a Telnet or SSH login

By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.

Virtual ADX(config)#aaa authentication login privilege-mode

Syntax: aaa authentication login privilege-mode

The user’s privilege level is based on the privilege level granted during login.

Configuring enable authentication to prompt for password only

If Enable authentication is configured on the device, when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI, by default he or she is prompted for a
username and password. You can configure the Brocade Virtual ADX device to prompt only for a
password. The device uses the username entered at login, if one is available. If no username was
entered at login, the device prompts for both username and password.

To configure the Brocade Virtual ADX to prompt only for a password when a user attempts to gain
Super User access to the Privileged EXEC and CONFIG levels of the CLI, enter the following command.

Virtual ADX(config)#aaa authentication enable implicit-user

Syntax: [no] aaa authentication enable implicit-user

Telnet or SSH prompts when TACACS+ server is unavailable

When TACACS+ is the first method in the authentication method list, the device displays the login
prompt received from the TACACS+ server. If a user attempts to log in through Telnet or SSH, but
none of the configured TACACS+ servers are available, the following takes place:

TABLE 7 Authentication method values (Continued)

Method     Description
local      Authenticate using a local user name and password you configured on the device. Local user names and passwords are configured using the username… command. Refer to “Configuring a local user account” on page 68.
tacacs     Authenticate using the database on a TACACS server. You also must identify the server to the device using the tacacs-server command.
tacacs+    Authenticate using the database on a TACACS+ server. You also must identify the server to the device using the tacacs-server command.
radius     Authenticate using the database on a RADIUS server. You also must identify the server to the device using the radius-server command.
none       Do not use any authentication method. The device automatically permits access.
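
An audit check for the settings described on this page, added here as an example and not taken from the Brocade guide: it scans saved configuration text for the two commands above and for method lists that include the none value from Table 7. The method-list line shape (aaa authentication <access-type> default <methods>), the function name audit_aaa and the sample configuration are assumptions.

```python
import re

# Method keywords listed in Table 7 on this page.
KNOWN_METHODS = {"local", "tacacs", "tacacs+", "radius", "none"}

# Assumed method-list line shape (the syntax is not shown on this page):
#   aaa authentication <access-type> default <method> [<method> ...]
METHOD_LIST = re.compile(r"^aaa authentication (\S+) default (.+)$")


def audit_aaa(config_text):
    """Return (line_number, severity, message) findings for AAA settings."""
    findings = []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse runs of whitespace
        if line.startswith(("no ", "!")):
            continue  # negated commands and comment lines configure nothing
        if line == "aaa authentication login privilege-mode":
            findings.append((num, "review",
                "Telnet/SSH logins enter Privileged EXEC mode directly"))
        elif line == "aaa authentication enable implicit-user":
            findings.append((num, "info",
                "enable prompts for a password only; the login username is reused"))
        else:
            m = METHOD_LIST.match(line)
            if not m:
                continue
            access, methods = m.group(1), m.group(2).split()
            unknown = [x for x in methods if x not in KNOWN_METHODS]
            if unknown:
                findings.append((num, "review",
                    f"{access}: method(s) not in Table 7: {unknown}"))
            if "none" in methods:
                findings.append((num, "high",
                    f"{access}: 'none' makes the device permit access automatically"))
    return findings


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
aaa authentication login default tacacs+ local
aaa authentication enable default tacacs+ none
aaa authentication login privilege-mode
aaa authentication enable implicit-user
"""

if __name__ == "__main__":
    for num, sev, msg in audit_aaa(SAMPLE):
        print(f"line {num}: [{sev}] {msg}")
```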
