Dell POWEREDGE M1000E User Manual
Page 37
Fabric OS Command Reference
9
53-1002746-01
aaaConfig
2
Note that the distinction between protocols is only applicable to the packets
between a system and the RADIUS or TACACS+ server. To authenticate a
user to the system, a password is always used.
Valid protocols are one of the following:
pap
Password Authentication Protocol
chap
Challenge-Handshake Authentication Protocol
peap-mschapv2
Protected Extensible Authentication Protocol (requires Fabric OS v5.3.0 or
later). This is applicable only to RADIUS configuration.
--remove server
Removes the specified server from the configuration. The server must match one
of the IP addresses or the names shown in the current configuration. The
following operand is required:
-conf radius | ldap | tacacs+
Specifies the server configuration as either RADIUS, LDAP, or TACACS+. If the
server is enabled, the command does not allow the last server to be removed from
the configuration list. RADIUS, LDAP, or TACACS+ must first be disabled before
the last server of the specified type may be removed.
--move server option
Moves the specified server from the current position in a RADIUS, LDAP, or
TACACS+ configuration list to the specified position. If the specified position is the
same as the current position, no change takes place. Valid options include the
following:
-conf radius | ldap } tacacs+
Specifies the server configuration as RADIUS, LDAP, or TACACS+. This operand
is required.
to_position
Specifies the new position for the server. The value for to_position is an integer,
and must be within the range of server positions in the current configuration. Use
the --show option to determine current server positions. This operand is required.
--authspec "aaa1[;aaa2" [-backup] [-nologout]
Replaces the configuration with the specified AAA service. Each service can be
specified only once in the list, for example, "radius; local; radius" is invalid. No edit
option is provided. The --authspec option takes as an argument a
semicolon-separated list of AAA services. Services must be enclosed in double
quotation marks.
The following AAA services and service pairs are valid:
"local"
Default setting. Authenticates the user against the local database only. If the
password does not match or the user is not defined, the login fails.
"radius"
When "radius" is specified, the first RADIUS server is contacted. If the RADIUS
server is not reachable, the next RADIUS server is contacted. If the authentication
fails, the authentication process does not check for the next server in the
sequence.