PowerConnect B-Series FCX Configuration Guide 1199
53-1002266-01
Configuring authentication-method lists
32
If an authentication method is working properly and the password (and user name, if applicable) is
not known to that method, this is not an error. The authentication attempt stops, and the user is
denied access.
The software will continue this process until either the authentication method is passed or the
software reaches the end of the method list. If the Super User level password is not rejected after
all the access methods in the list have been tried, access is granted.
Configuration considerations for authentication-
method lists
• For CLI access, you must configure authentication-method lists if you want the device to
authenticate access using local user accounts or a RADIUS server. Otherwise, the device will
authenticate using only the locally based password for the Super User privilege level.
• When no authentication-method list is configured specifically for Web management access,
the device performs authentication using the SNMP community strings:
• For read-only access, you can use the user name “get” and the password “public”. The
default read-only community string is “public”.
• There is no default read-write community string. Thus, by default, you cannot open a
read-write management session using the Web Management Interface. You first must
configure a read-write community string using the CLI. Then you can log on using “set” as
the user name and the read-write community string you configure as the password. Refer
to “Configuring TACACS/TACACS+ security” on page 1163.
• If you configure an authentication-method list for Web management access and specify “local”
as the primary authentication method, users who attempt to access the device using the Web
Management Interface must supply a user name and password configured in one of the local
user accounts on the device. The user cannot access the device by entering “set” or “get” and
the corresponding SNMP community string.
• For devices that can be managed using Brocade Network Advisor, the default authentication
method (if no authentication-method list is configured for SNMP) is the CLI Super User level
password. If no Super User level password is configured, then access through Brocade
Network Advisor is not authenticated.
Examples of authentication-method lists
The following examples show how to configure authentication-method lists. In these examples, the
primary authentication method for each is “local”. The device will authenticate access attempts
using the locally configured usernames and passwords.
The command syntax for each of the following examples is provided in “Command Syntax” on
page 1200.
Example 1
To configure an authentication-method list for the Web Management Interface, enter a command
such as the following.
PowerConnect(config)#aaa authentication web-server default local
To Next Page
Loading...
