Authentication-method lists, Examples of authentication-method lists – Brocade Communications Systems Brocade ICX 6650 6650 User Manual
Page 78
58
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Authentication-method lists
Authentication-method lists
To implement one or more authentication methods for securing access to the device, you configure
authentication-method lists that set the order in which the authentication methods are consulted.
In an authentication-method list, you specify the access method (Telnet, SNMP, and so on) and the
order in which the device tries one or more of the following authentication methods:
•
Local Telnet login password
•
Local password for the Super User privilege level
•
Local user accounts configured on the device
•
Database on a TACACS or TACACS+ server
•
Database on a RADIUS server
•
No authentication
NOTE
The TACACS/TACACS+, RADIUS, and Telnet login password authentication methods are not
supported for SNMP access.
NOTE
To authenticate Telnet access to the CLI, you also must enable the authentication by entering the
enable telnet authentication command at the global CONFIG level of the CLI.
NOTE
You do not need an authentication-method list to secure access based on ACLs or a list of IP
addresses. Refer to
“ACL usage to restrict remote access”
In an authentication-method list for a particular access method, you can specify up to seven
authentication methods. If the first authentication method is successful, the software grants
access and stops the authentication process. If the access is rejected by the first authentication
method, the software denies access and stops checking.
However, if an error occurs with an authentication method, the software tries the next method on
the list, and so on. For example, if the first authentication method is the RADIUS server, but the link
to the server is down, the software will try the next authentication method in the list.
NOTE
If an authentication method is working properly and the password (and user name, if applicable) is
not known to that method, this is not an error. The authentication attempt stops, and the user is
denied access.
The software will continue this process until either the authentication method is passed or the
software reaches the end of the method list. If the Super User level password is not rejected after
all the access methods in the list have been tried, access is granted.
Examples of authentication-method lists
The following examples show how to configure authentication-method lists. In these examples, the
primary authentication method for each is “local”. The device will authenticate access attempts
using the locally configured usernames and passwords.