Authentication sequence, Authentication enable, Table 36 – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual


Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Authentication Sequence


Three authentication methods can be specified to authenticate users logging into the system for
management access. The commands in this section can be used to define the authentication
method and sequence.

authentication enable

This command defines the authentication method and precedence to use when changing from
Exec command mode to Privileged Exec command mode with the enable command. Use the no
form to restore the default.

Syntax

authentication enable {[local] [radius] [tacacs]}

no authentication enable

local - Use local password only.

radius - Use RADIUS server password only.

tacacs - Use TACACS server password.

Default Setting

Local

Command Mode

Global Configuration

Command Usage

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP
offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in
the access-request packet from the client to the server, while TACACS+ encrypts the entire
body of the packet.

RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user
name and password pair. The user name, password, and privilege level must be configured on
the authentication server.

You can specify three authentication methods in a single command to indicate the
authentication sequence. For example, if you enter “authentication enable radius tacacs
local,” the user name and password on the RADIUS server are verified first. If the RADIUS server
is not available, then authentication is attempted on the TACACS+ server. If the TACACS+ server
is not available, the local user name and password are checked.
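
The fallback order described above, as an added example that is not part of the Brocade guide: a small Python model that reads the command from constructed configuration text and reports which method answers for a given set of reachable servers. Assumptions: the last matching line wins, each method is listed at most once, and the function names are hypothetical.

```python
# Added example: models the "authentication enable" sequence from the text.
VALID = ("local", "radius", "tacacs")   # keywords from the Syntax section
DEFAULT = ["local"]                      # Default Setting: Local

# Constructed sample configuration text (not captured from a real switch).
SAMPLE_CONFIG = """\
authentication login radius local
authentication enable radius tacacs local
"""

def parse_enable_sequence(config_text):
    """Return the effective method order for the enable command.

    Assumption: lines apply in order, so the last matching line wins.
    The "no" form restores the default, as the guide states.
    """
    sequence = list(DEFAULT)
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:3] == ["no", "authentication", "enable"]:
            sequence = list(DEFAULT)
        elif words[:2] == ["authentication", "enable"]:
            methods = words[2:]
            if not methods or len(methods) > 3:
                raise ValueError("expected one to three methods: " + raw.strip())
            for method in methods:
                if method not in VALID:
                    raise ValueError("unknown method %r" % method)
            # Assumption: the syntax allows each keyword at most once.
            if len(set(methods)) != len(methods):
                raise ValueError("method listed twice: " + raw.strip())
            sequence = methods
    return sequence

def deciding_method(sequence, reachable):
    """Return the first method in the sequence that is available.

    `reachable` is the set of servers currently up ("radius", "tacacs").
    The local password is stored on the switch, so it is always usable.
    Returns None when no listed method is available.
    """
    for method in sequence:
        if method == "local" or method in reachable:
            return method
    return None
```

A `None` result flags a sequence that has no usable method when its servers are down, which is worth checking for before removing `local` from the list.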

TABLE 36   Authentication Sequence Commands

Command                 Function                                                                    Mode
authentication enable   Defines the authentication method and precedence for command mode change   GC
authentication login    Defines logon authentication method and precedence                          GC
