Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, April 2009)

aaaConfig
"radius"
    When "radius" is specified, the first RADIUS server is contacted. If the
    RADIUS server is not reachable, the next RADIUS server is contacted. If the
    authentication fails, the authentication process does not check for the next
    server in the sequence.

"ldap"
    When "ldap" is specified, the first Active Directory (AD) server is
    contacted. If the AD server is not reachable, the next AD server is
    contacted. If the authentication fails, the authentication process does not
    check for the next server in the sequence.

"radius;local"
    Enables the current RADIUS configuration as the primary AAA service and the
    switch-local database as the secondary AAA service. If "radius" and "local"
    are specified, and if the RADIUS servers are reachable and the user
    credentials are correct, the user authentication succeeds. If the user
    provides credentials from the switch database, the RADIUS authentication
    fails but login succeeds through the switch database.

"ldap;local"
    Enables the current LDAP configuration as the primary AAA service and the
    switch-local database as the secondary AAA service. If "ldap" and "local"
    are specified, and if the AD servers are reachable and the user credentials
    are correct, the user authentication succeeds. If the user provides
    credentials from the switch database, AD authentication fails but login
    still succeeds through the switch database.

-backup
    For use with the "radius;local" and "ldap;local" options only. With
    -backup, the secondary AAA service is tried only if none of the primary AAA
    services are available.

--help
    Displays command usage.
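
The server-selection rules above, written out as a small decision model. This is an added example, not Fabric OS code and not part of the original manual; the function names, outcome constants and sample accounts are assumptions of the example, as is the reading that without -backup the local database is also tried when no primary server is reachable.

```python
# Added illustration, not Fabric OS code: a model of the authspec rules above.
ACCEPT, REJECT, UNREACHABLE = "accept", "reject", "unreachable"

def query_primary(servers, user, password):
    """Try servers in configured order; only an unreachable server causes failover."""
    for server in servers:
        outcome = server(user, password)
        if outcome != UNREACHABLE:
            return outcome  # an accept or a reject ends the search
    return UNREACHABLE

def authenticate(authspec, backup, servers, local_db, user, password):
    """Return (allowed, service) for one login attempt.

    authspec: "radius", "ldap", "radius;local" or "ldap;local"
    backup:   True when -backup was given
    servers:  callables returning ACCEPT, REJECT or UNREACHABLE
    local_db: dict standing in for the switch-local database
    """
    primary, _, secondary = authspec.partition(";")
    if backup and secondary != "local":
        raise ValueError("-backup applies only to radius;local and ldap;local")
    outcome = query_primary(servers, user, password)
    if outcome == ACCEPT:
        return True, primary
    if secondary != "local":
        return False, primary
    # Without -backup the local database is consulted after a reject as well.
    # With -backup it is consulted only when no primary server was reachable.
    if backup and outcome == REJECT:
        return False, primary
    return local_db.get(user) == password, "local"

def make_server(accounts=None):
    """Constructed stand-in for a RADIUS/AD server; accounts=None means unreachable."""
    def server(user, password):
        if accounts is None:
            return UNREACHABLE
        return ACCEPT if accounts.get(user) == password else REJECT
    return server

# Constructed sample data for trying the model.
DOWN = make_server()
RADIUS_A = make_server({})                   # reachable, knows no users
RADIUS_B = make_server({"alice": "r-pass"})  # reachable, knows alice
LOCAL_DB = {"admin": "l-pass"}
```

In this model, "radius;local" without -backup lets a switch-local account log in while the RADIUS servers are up and rejecting it, so disabling a user centrally does not lock out a matching local account. With -backup, the same local login works only while every primary server is unreachable.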

Examples

To display the current RADIUS configuration:

    switch:admin> aaaconfig --show
    RADIUS CONFIGURATIONS
    =====================
    Position  Server          Port  Secret        Timeout(s)  Auth-Protocol
    1         192.168.233.48  1812  sharedsecret  3           CHAP
    2         192.168.233.44  1812  sharedsecret  3           CHAP
    3         radserver       1812  private       5           CHAP
    Primary AAA Service: Switch database
    Secondary AAA Service: None
    LDAP CONFIGURATIONS
    ===================
    LDAP configuration does not exist.

To move the RADIUS server "radserver" from position 3 to position 1:

    switch:admin> aaaconfig --move radserver -conf radius 1

To configure the RADIUS server 192.168.233.48 as an LDAP server:

    switch:admin> aaaconfig --change 192.168.233.48 -conf ldap -p 3002 -s newsecret -t 1

To add an AD/LDAP server to the configuration:

    switch:admin> aaaconfig --add 194.72.68.335 -conf ldap -p 3002 -d brocade.com -t 1