Brocade Communications Systems Brocade 8/12c Command Reference Manual page 40

22
aaaConfig
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS
This command has the following operands:
server
--show
--add | --change server [options]
6
Specifies an IP address or a server name in dot-decimal notation. IPv6 addresses
are supported. If a name is used, a DNS entry must be correctly configured for the
server. If the specified server IP address or name already exists in the current
configuration, the command fails and generates an error. However, the command
does not validate the server name against the IP address in the configuration.
Make sure to avoid duplicate configuration of the same server, one specified by
the name, the other specified by the IP address.
Displays the current AAA service configuration.
Adds or modifies a RADIUS or LDAP server. The --add option appends the
specified server to the end of the current configuration list. A maximum of 5
servers are supported for each authentication type. The --change option modifies
the specified server configuration to use the new arguments. The server must be
one of the IP addresses or names shown in the current configuration.
The following options are supported:
-conf radius | ldap
Specifies the server configuration as either RADIUS or LDAP. This operand is
required.
The following operands are optional:
-p port
Specifies the RADIUS or LDAP server port number. Supported range is 1 to
65535. The default port is 1812 for RADIUS authentication. The default port
is 389 for LDAP authentication. This operand is optional. If no port is
specified, the default is used.
-t timeout
Specifies the response timeout for the RADIUS or the LDAP server. The
supported range is 1 to 30 seconds. The default is 3 seconds. This operand is
optional. If no timeout is specified, the default is used.
-d domain
Specifies the Windows domain name for the LDAP server, for example,
brocade.com. This option is valid only with the -conf ldap option. This
operand is required.
-s secret
Specifies a common secret between the switch and the RADIUS server. The
secret must be between 8 and 40 characters long. This option is valid only
with the -conf radius option, and it is optional. The default value is
sharedsecret.
-a
Specifies the remote authentication protocol for the RADIUS server. This
operand is valid only with the -conf radius option, and it is optional. The
default value for this operand is CHAP.
Note that the distinction between protocols is only applicable to the packets
between a system and the RADIUS server. To authenticate a user to the
system, a password is always used.
Fabric OS Command Reference
53-1001764-01