Changing the login authentication mode – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Page 232
200
Network OS NETCONF Operations Guide
53-1003231-02
Login authentication mode
16
</aaa>
</aaa-config>
</config>
</edit-config>
</rpc>
<rpc-reply message-id="902" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
4. To verify the configuration, issue the <get-config> RPC with a subtree filter to limit the returned
information to the contents of the <aaa-config>/<aaa>/<authentication> node.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="903" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-config>
<source>
<running/>
</source>
<filter type="subtree">
<aaa-config xmlns="urn:brocade.com:mgmt:brocade-aaa">
<aaa>
<authentication/>
</aaa>
</aaa-config>
</filter>
</get-config>
</rpc>
<rpc-reply message-id="903" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<aaa-config xmlns="urn:brocade.com:mgmt:brocade-aaa">
<aaa>
<authentication>
<login>
<first>local</first>
</login>
</authentication>
</aaa>
</aaa-config>
</rpc>
5. Log in to the switch using an account with TACACS+ only credentials. The login should fail with
an “access denied” error.
6. Log in to the switch using an account with local only credentials. The login should succeed.
Changing the login authentication mode
To change the authentication mode, you must first reset the configuration to the default local
mode, and then set the authentication mode as desired. The following example resets the existing
TACACS+ mode to local mode and then sets the authentication mode to RADIUS.
1. Reset the configuration to the default value.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="904" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>