Login authentication mode – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
53-1003231-02
Login authentication mode
Using the NETCONF interfaces, you can configure primary and secondary authentication modes.
The primary mode can be RADIUS, TACACS+, LDAP, or local. The secondary mode is optional and
can only be local, and then only if the primary mode is RADIUS, TACACS+, or LDAP.
Setting and verifying the login authentication mode
To configure and verify the login authentication mode, perform the following steps.
1. Issue the <edit-config> RPC to configure the <aaa-config> node in the
urn:brocade.com:mgmt:brocade-aaa workspace.
2. Under the <aaa-config> node, include the <aaa>/<authentication>/<login> hierarchy of node
elements.
3. Under the <login> node, include the following leaf elements:
a. In the <first> element, specify “radius”, “tacacs+”, “ldap” or “local” to identify the primary
login authentication mode.
b. Optional: In the <second> element, specify “local” as the secondary authentication mode.
NOTE
“local” is the only valid secondary authentication mode and can be used only if the
primary mode is radius, tacacs+, or ldap.
The following example configures TACACS+ as the primary source of authentication and the
local user database as the secondary source.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="900" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <aaa-config xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <aaa>
          <authentication>
            <login>
              <first>tacacs+</first>
              <second>local</second>
            </login>
          </authentication>
        </aaa>
      </aaa-config>
    </config>
  </edit-config>
</rpc>

<rpc-reply message-id="900" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
4. To verify the configuration, issue the <get-config> RPC with a subtree filter to limit the returned
information to the contents of the <aaa-config>/<aaa>/<authentication> node.
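The procedure above, end to end, as an added example that is not part of the original guide or Brocade's own code: it rejects primary/secondary combinations the NOTE disallows before building the <edit-config> RPC, builds the step 4 <get-config> subtree filter, and reads the modes back from a reply. The function names, the message-id 901 and the sample reply are assumptions constructed for illustration; element names and namespaces are those shown on this page.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
AAA = "urn:brocade.com:mgmt:brocade-aaa"  # namespace from the guide's example
PRIMARY = {"radius", "tacacs+", "ldap", "local"}

def _aaa_path(parent):
    """Append <aaa-config>/<aaa>/<authentication> under parent; return the last node."""
    node = parent
    for tag in ("aaa-config", "aaa", "authentication"):
        node = ET.SubElement(node, f"{{{AAA}}}{tag}")
    return node

def build_edit_config(first, second=None, message_id="900"):
    """Build the <edit-config> RPC, rejecting mode pairs the guide disallows."""
    if first not in PRIMARY:
        raise ValueError(f"invalid primary mode: {first!r}")
    if second is not None and (second != "local" or first == "local"):
        raise ValueError("secondary must be 'local' with a radius, tacacs+ or ldap primary")
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    ET.SubElement(ET.SubElement(edit, f"{{{NC}}}target"), f"{{{NC}}}running")
    login = ET.SubElement(_aaa_path(ET.SubElement(edit, f"{{{NC}}}config")), f"{{{AAA}}}login")
    ET.SubElement(login, f"{{{AAA}}}first").text = first
    if second:
        ET.SubElement(login, f"{{{AAA}}}second").text = second
    return ET.tostring(rpc, encoding="unicode")

def build_get_config(message_id="901"):  # 901 is an assumed message-id
    """Build the step 4 <get-config> RPC with a subtree filter on <authentication>."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    get = ET.SubElement(rpc, f"{{{NC}}}get-config")
    ET.SubElement(ET.SubElement(get, f"{{{NC}}}source"), f"{{{NC}}}running")
    _aaa_path(ET.SubElement(get, f"{{{NC}}}filter", {"type": "subtree"}))
    return ET.tostring(rpc, encoding="unicode")

def login_modes(reply_xml):
    """Return (first, second) found under <login>; second is None when absent."""
    login = ET.fromstring(reply_xml).find(f".//{{{AAA}}}login")
    if login is None:
        return (None, None)
    return (login.findtext(f"{{{AAA}}}first"), login.findtext(f"{{{AAA}}}second"))

# Constructed sample reply (not captured from a device).
SAMPLE_REPLY = f"""<rpc-reply message-id="901" xmlns="{NC}"><data>
<aaa-config xmlns="{AAA}"><aaa><authentication><login>
<first>tacacs+</first><second>local</second>
</login></authentication></aaa></aaa-config></data></rpc-reply>"""
```

Comparing the tuple returned by login_modes() against the intended configuration makes an unexpected primary source or an unplanned local fallback visible during a configuration audit.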