Brocade Communications Systems 8 Command Reference Manual page 38

2
aaaConfig
Notes Customers can use centralized RADIUS servers to manage AAA services for a switch, as defined in
the RFC 2865 RADIUS specification.
Fabric OS v6.1.0 and later is required to configure LDAP while in FIPS mode. Refer to the Fabric OS
Administrator's Guide for configuration procedures.
This command can be executed when logged in through the console, Telnet or SSH connection.
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may
be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command
Availability" for details.
Operands This command takes as input an action and its associated arguments. Without any specified
action, the command prints out the usage.
The following operands are supported:
server
--show
--add | --change server [options]
6
Specifies an IP address or a server name in dot-decimal notation. IPv6
addresses are supported. If a name is used, a DNS entry must be correctly
configured for the server. If the specified server IP address or name already
exists in the current configuration, the command fails and generates an error.
However, the command does not validate the server name against the IP
address in the configuration. Make sure to avoid duplicate configuration of
the same server, one specified by the name, the other specified by the IP
address.
Displays the current AAA service configuration.
Adds or modifies a RADIUS or LDAP server. The --add option appends the
specified server to the end of the current configuration list. A maximum of 5
servers are supported for each authentication type. The --change option
modifies the specified server configuration to use the new arguments. The
server must be one of the IP addresses or names shown in the current
configuration.
The following options are supported:
-conf radius|ldap
Specifies the server configuration as either RADIUS or LDAP. This operand is
required.
The following operands are optional:
-p port Specifies the RADIUS or LDAP server port number. Supported range is 1
to 65535. The default port is 1812 for RADIUS authentication. The
default port is 389 for LDAP authentication. This operand is optional. If
no port is specified, the default is used.
-t timeout Specifies the response timeout for the RADIUS or the LDAP server. The
supported range is between 1 and 30 seconds. The default is 3 seconds.
This operand is optional. If no timeout is specified, the default is used.
-d domain Specifies the Windows domain name for the LDAP server, for example,
brocade.com. This option is valid only with the -conf ldap option. This
operand is required.
Fabric OS Command Reference
53-1001764-02