Brocade BigIron RX Series Configuration Guide User Manual

Page 162

Advertising
background image

84

BigIron RX Series Configuration Guide

53-1002484-04

Configuring TACACS and TACACS+ security

3

The command above causes TACACS and TACACS+ to be the primary authentication method for
securing access to Privileged EXEC level and CONFIG levels of the CLI. If TACACS and TACACS+
authentication fails due to an error with the server, local authentication is used instead. If local
authentication fails, no authentication is used; the device automatically permits access.

For information on the command syntax, refer to

“Examples of authentication-method lists”

on

page 106.

NOTE

For examples of how to define authentication-method lists for types of authentication other than
TACACS and TACACS+, refer to

“Configuring authentication-method lists”

on page 104.

Entering privileged EXEC mode after a Telnet or SSH login

By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.

BigIron RX(config)# aaa authentication login privilege-mode

Syntax: aaa authentication login privilege-mode

The user’s privilege level is based on the privilege level granted during login.

Configuring Enable authentication to prompt for password only

If Enable authentication is configured on the device, by default, a user is prompted for a username
(up to 255 characters) and password when the user attempts to gain Super User access to the
Privileged EXEC and CONFIG levels of the CLI. You can configure the Brocade device to prompt only
for a password. The device uses the username entered at login, if one is available. If no username
was entered at login, the device prompts for both username and password.

To configure the device to prompt only for a password when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI.

BigIron RX(config)# aaa authentication enable implicit-user

Syntax: [no] aaa authentication enable implicit-user

Telnet/SSH prompts when the TACACS+ server is unavailable

When TACACS+ is the first method in the authentication method list, the device displays the login
prompt received from the TACACS+ server. If a user attempts to login through Telnet or SSH, but
none of the configured TACACS+ servers are available, the following takes place:

If the next method in the authentication method list is "enable", the login prompt is skipped,
and the user is prompted for the Enable password (that is, the password configured with the
enable super-user-password command).

If the next method in the authentication method list is "line", the login prompt is skipped, and
the user is prompted for the Line password (that is, the password configured with the enable
telnet password command).

Advertising
Popular Brands
Popular manuals