Users Guide
BigIron RX Series Configuration Guide 91
53-1002253-01
Configuring TACACS and TACACS+ security
4
Within the authentication-method list, TACACS and TACACS+ is specified as the primary authentication method, and up to six backup authentication methods are specified as alternates. If TACACS and TACACS+ authentication fails due to an error, the device tries the backup authentication methods in the order they appear in the list.
When you configure authentication-method lists for TACACS and TACACS+ authentication, you must create separate authentication-method lists for Telnet/SSH CLI access and for access to the Privileged EXEC and CONFIG levels of the CLI.
To create an authentication-method list that specifies TACACS and TACACS+ as the primary authentication method for securing Telnet/SSH access to the CLI, enter the following commands.
BigIron RX(config)# enable telnet authentication
BigIron RX(config)# aaa authentication login default tacacs local
The commands above cause TACACS and TACACS+ to be the primary authentication method for securing Telnet/SSH access to the CLI. If TACACS and TACACS+ authentication fails due to an error with the server, authentication is performed using local user accounts instead.
To create an authentication-method list that specifies TACACS and TACACS+ as the primary authentication method for securing access to the Privileged EXEC and CONFIG levels of the CLI, enter the following command.
BigIron RX(config)# aaa authentication enable default tacacs local none
The command above causes TACACS and TACACS+ to be the primary authentication method for securing access to the Privileged EXEC and CONFIG levels of the CLI. If TACACS and TACACS+ authentication fails due to an error with the server, local authentication is used instead. If local authentication fails, no authentication is used; the device automatically permits access.
For information on the command syntax, refer to “Examples of authentication-method lists” on page 113.
NOTE
For examples of how to define authentication-method lists for types of authentication other than
TACACS and TACACS+, refer to “Configuring authentication-method lists” on page 112.
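The following Python sketch is an added example, not part of this guide or of the device software. It parses the method lists shown above, walks them the way the text describes, and reports any list whose fallback chain ends in unauthenticated access. The function names and the sample input are constructed for illustration, and treating a server reject as final (only an error moves to the next method) is an assumption of the sketch.

```python
import re

MAX_METHODS = 7  # one primary method plus up to six backups, per the text above

# Matches 'aaa authentication <access> default <method> [<method> ...]'.
LIST_RE = re.compile(r"^aaa authentication (\S+) default (.+)$")

# Constructed sample input: the three commands shown in this section.
SAMPLE = """\
BigIron RX(config)# enable telnet authentication
BigIron RX(config)# aaa authentication login default tacacs local
BigIron RX(config)# aaa authentication enable default tacacs local none
"""


def parse_method_lists(config_text):
    """Return {access_type: [methods]} for every authentication-method list."""
    lists = {}
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as 'BigIron RX(config)# ' if present.
        line = raw.split("#", 1)[-1].strip()
        match = LIST_RE.match(line)
        if match:
            lists[match.group(1)] = match.group(2).split()
    return lists


def resolve(methods, outcomes):
    """Walk a method list and return (decision, deciding_method).

    outcomes maps a method name to 'accept', 'reject' or 'error'; a method
    missing from outcomes is treated as an error (for example, an
    unreachable server). Assumption of this sketch: a reject is final and
    only an error moves on to the next method. 'none' always permits.
    """
    for method in methods:
        if method == "none":
            return ("permit", "none")
        result = outcomes.get(method, "error")
        if result == "accept":
            return ("permit", method)
        if result == "reject":
            return ("deny", method)
    # Every method errored and the list has no 'none' fallback.
    return ("deny", None)


def audit(config_text):
    """Return findings for the method lists found in config_text."""
    lists = parse_method_lists(config_text)
    findings = []
    # The text requires separate lists for CLI login and for the
    # Privileged EXEC / CONFIG levels.
    for required in ("login", "enable"):
        if required not in lists:
            findings.append(f"{required}: no authentication-method list")
    for access, methods in lists.items():
        if len(methods) > MAX_METHODS:
            findings.append(f"{access}: more than {MAX_METHODS} methods")
        if "none" in methods:
            findings.append(
                f"{access}: 'none' permits access without authentication "
                "when every earlier method fails with an error"
            )
            if methods[-1] != "none":
                findings.append(f"{access}: methods after 'none' are never tried")
    return findings


if __name__ == "__main__":
    lists = parse_method_lists(SAMPLE)
    # Constructed scenario: TACACS+ server unreachable, local lookup errors too.
    outage = {"tacacs": "error", "local": "error"}
    for access, methods in lists.items():
        print(access, methods, "->", resolve(methods, outage))
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the commands in this section, the login list denies access when both methods error, while the enable list grants it through the trailing none.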
Entering privileged EXEC mode after a Telnet or SSH login
By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.
BigIron RX(config)# aaa authentication login privilege-mode
Syntax: aaa authentication login privilege-mode
The user’s privilege level is based on the privilege level granted during login.
Configuring Enable authentication to prompt for password only
If Enable authentication is configured on the device, by default, a user is prompted for a username
(up to 255 characters) and password when the user attempts to gain Super User access to the
Privileged EXEC and CONFIG levels of the CLI. You can configure the Brocade device to prompt only
for a password. The device uses the username entered at login, if one is available. If no username
was entered at login, the device prompts for both username and password.
To configure the device to prompt only for a password when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI.










