Dell PowerConnect B-RX Configuration Manual page 167

Within the authentication-method list, TACACS and TACACS+ is specified as the primary
authentication method and up to six backup authentication methods are specified as alternates. If
TACACS and TACACS+ authentication fails due to an error, the device tries the backup
authentication methods in the order they appear in the list.
When you configure authentication-method lists for TACACS and TACACS+ authentication, you must
create a separate authentication-method list for Telnet/SSH CLI access, and for access to the
Privileged EXEC level and CONFIG levels of the CLI.
To create an authentication-method list that specifies TACACS and TACACS+ as the primary
authentication method for securing Telnet/SSH access to the CLI.
BigIron RX(config)# enable telnet authentication
BigIron RX(config)# aaa authentication login default tacacs local
The commands above cause TACACS and TACACS+ to be the primary authentication method for
securing Telnet/SSH access to the CLI. If TACACS and TACACS+ authentication fails due to an error
with the server, authentication is performed using local user accounts instead.
To create an authentication-method list that specifies TACACS and TACACS+ as the primary
authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI.
BigIron RX(config)# aaa authentication enable default tacacs local none
The command above causes TACACS and TACACS+ to be the primary authentication method for
securing access to Privileged EXEC level and CONFIG levels of the CLI. If TACACS and TACACS+
authentication fails due to an error with the server, local authentication is used instead. If local
authentication fails, no authentication is used; the device automatically permits access.
For information on the command syntax, refer to
page 113.
NOTE
For examples of how to define authentication-method lists for types of authentication other than
TACACS and TACACS+, refer to
Entering privileged EXEC mode after a Telnet or SSH login
By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.
BigIron RX(config)# aaa authentication login privilege-mode
Syntax: aaa authentication login privilege-mode
The user's privilege level is based on the privilege level granted during login.
Configuring Enable authentication to prompt for password only
If Enable authentication is configured on the device, by default, a user is prompted for a username
(up to 255 characters) and password when the user attempts to gain Super User access to the
Privileged EXEC and CONFIG levels of the CLI. You can configure the Brocade device to prompt only
for a password. The device uses the username entered at login, if one is available. If no username
was entered at login, the device prompts for both username and password.
To configure the device to prompt only for a password when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI.
BigIron RX Series Configuration Guide
53-1002253-01
Configuring TACACS and TACACS+ security
"Examples of authentication-method lists"
"Configuring authentication-method lists"
4
on
on page 112.
91