HP StorageWorks 4/16 Brocade OS Command Reference Manual Supporting Fabric OS - Page 33

aaaConfig 2 The distinction between protocols is only applicable to the packets between a system and the RADIUS server. Between the user and system, passwords are always used. --remove server Removes the specified server from the configuration. The server must match one of the IP addresses or the names shown in the current configuration. The following operand is required: -conf radius|ldap Specifies the server configuration as either RADIUS or LDAP. If the server is enabled, the command does not allow the last server to be removed from the configuration list. RADIUS or LDAP must first be disabled before the last server of the specified type may be removed. --move server options Moves the specified server from the current position in a RADIUS/LDAP configuration list to the specified position. If the specified position is the same as the current position, no change takes place. Valid options are: -conf radius|ldap Specifies the server configuration as either RADIUS or LDAP. This operand is required. to_position Specifies the new position for the server. Use the --show option to determine current server positions. The value for to_position must be within the range of server positions in the current configuration. --authspec aaa1[;aaa2 [-backup] Replace the configuration with the specified AAA service. Each service can be specified only once in the list i.e. 'radius; local; radius' is invalid. No edit option is provided. The authspec option takes as argument a semi-colon separated list of AAA services. Services must be enclosed in quotation marks. The following AAA services and service pairs are valid: "local" Default setting. Authenticates the user against the local database only. If the password does not match or the user is not defined, the login fails. "radius" When RADIUS is specified, the first RADIUS server will be contacted. If the RADIUS server is not reachable, then the next RADIUS server will be contacted. If the authentication fails, then the authentication process will not check for the next server in the sequence. "ldap" When ldap is specified, the first ADir server will be contacted. If the ADir server is not reachable, then the next ADir server will be contacted. If the authentication fails, then the authentication process will not check for the next server in the sequence. "radius;local" Enables the current RADIUS configuration as the primary AAA service and the switch-local database as the secondary AAA service.When "radius" and "local" are specified, if the RADIUS servers are reachable and the user credentials are correct the user authentication succeeds. If the user provides credentials from the switch database, RADIUS authentication would fail but login would still succeed through the switch database. Fabric OS Command Reference 7 53-1000599-01