Configuring remote logon authentication servers, Figure 161 confi – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual
Page 873
Brocade 6910 Ethernet Access Switch Configuration Guide
823
53-1002581-01
AAA Authentication, Authorization and Accounting
41
Command Usage
•
By default, management access is always checked against the authentication database stored
on the local switch. If a remote authentication server is used, you must specify the
authentication sequence. Then specify the corresponding parameters for the remote
authentication protocol using the Security > AAA > Server page. Local and remote logon
authentication control management access via the console port, web browser, or Telnet.
•
You can specify up to three authentication methods for any user to indicate the authentication
sequence. For example, if you select (1) RADIUS, (2) TACACS and (3) Local, the user name and
password on the RADIUS server is verified first. If the RADIUS server is not available, then
authentication is attempted using the TACACS+ server, and finally the local user name and
password is checked.
Parameters
These parameters are displayed:
•
Authentication Sequence – Select the authentication, or authentication sequence required:
•
Local – User authentication is performed only locally by the switch.
•
RADIUS – User authentication is performed using a RADIUS server only.
•
TACACS – User authentication is performed using a TACACS+ server only.
•
[authentication sequence] – User authentication is performed by up to three
authentication methods in the indicated sequence.
Interface
To configure the method(s) of controlling management access:
1. Click Security, AAA, System Authentication.
2. Specify the authentication sequence (i.e., one to three methods).
3. Click Apply.
FIGURE 161
Configuring the Authentication Sequence
Configuring Remote Logon Authentication Servers
Use the Security > AAA > Server page to configure the message exchange parameters for RADIUS
or TACACS+ remote access authentication servers.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access
Control System Plus (TACACS+) are logon authentication protocols that use software running on a
central server to control access to RADIUS-aware or TACACS-aware devices on the network. An
authentication server contains a database of multiple user name/password pairs with associated
privilege levels for each user that requires management access to the switch.