Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
TACACS and TACACS+ security
NOTE
For examples of how to define authentication-method lists for types of authentication other than 
TACACS/TACACS+, refer to 
Entering privileged EXEC mode after a Telnet or SSH login
By default, a user enters User EXEC mode after a successful login through Telnet or SSH. 
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet 
or SSH login. To do this, use the following command.
Brocade(config)# aaa authentication login privilege-mode
Syntax: aaa authentication login privilege-mode
The user privilege level is based on the privilege level granted during login.
Configuring enable authentication to prompt for password only
If Enable authentication is configured on the device, when a user attempts to gain Super User 
access to the Privileged EXEC and CONFIG levels of the CLI, by default he or she is prompted for a 
username and password. You can configure the Brocade device to prompt only for a password. The 
device uses the username entered at login, if one is available. If no username was entered at login, 
the device prompts for both username and password.
To configure the Brocade device to prompt only for a password when a user attempts to gain Super 
User access to the Privileged EXEC and CONFIG levels of the CLI, enter the following command.
Brocade(config)# aaa authentication enable implicit-user
Syntax: [no] aaa authentication enable implicit-user
Telnet and SSH prompts when the TACACS+ server is unavailable
When TACACS+ is the first method in the authentication method list, the device displays the login 
prompt received from the TACACS+ server. If a user attempts to log in through Telnet or SSH, but 
none of the configured TACACS+ servers are available, the following takes place:
TABLE 4 Authentication method values (Continued)

Method parameter   Description
local              Authenticate using a local user name and password you configured on the device. Local user names and passwords are configured using the username… command. Refer to 
tacacs             Authenticate using the database on a TACACS server. You also must identify the server to the device using the tacacs-server command.
tacacs+            Authenticate using the database on a TACACS+ server. You also must identify the server to the device using the tacacs-server command.
radius             Authenticate using the database on a RADIUS server. You also must identify the server to the device using the radius-server command.
none               Do not use any authentication method. The device automatically permits access.
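
A configuration check built on the method values in Table 4 and the two aaa authentication commands described above, added here as an example and not taken from the Brocade guide. It assumes method lists are written as `aaa authentication <access> default <method>...`, a form not shown on this page; the function name and the sample configuration are constructed for illustration.

```python
import re

# Command that must also be present for each method to work (per Table 4).
REQUIRES = {"tacacs": "tacacs-server", "tacacs+": "tacacs-server",
            "radius": "radius-server", "local": "username"}

def audit(config: str) -> list[str]:
    """Return findings for the AAA authentication lines of a saved configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    for line in lines:
        if line == "aaa authentication login privilege-mode":
            findings.append("login: Telnet/SSH users enter Privileged EXEC directly")
        if line == "aaa authentication enable implicit-user":
            findings.append("enable: password-only prompt, username reused from login")
        # Assumed method-list form: aaa authentication <access> default <method>...
        m = re.match(r"aaa authentication (\S+) default (.+)", line)
        if not m:
            continue
        access, methods = m.group(1), m.group(2).split()
        if "none" in methods:
            findings.append(f"{access}: 'none' in method list permits access "
                            "without authentication")
        for method in methods:
            cmd = REQUIRES.get(method)
            if cmd and not any(ln.startswith(cmd + " ") for ln in lines):
                findings.append(f"{access}: method '{method}' is listed but no "
                                f"'{cmd}' command is configured")
    return findings

# Constructed sample configuration (addresses and names are placeholders).
SAMPLE_CONFIG = """
aaa authentication login default tacacs+ radius none
aaa authentication enable default tacacs+ local
aaa authentication login privilege-mode
aaa authentication enable implicit-user
tacacs-server host 192.0.2.10
username admin password PLACEHOLDER
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
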