Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
141142143144145146147148149150
126 ServerIron ADX Administration Guide
53-1002434-01
Configuring RADIUS security
2
You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS
as the primary authentication method for Telnet CLI access, but you cannot also select
TACACS+ authentication as the primary method for the same type of access. However, you can
configure backup authentication methods for each access type.
RADIUS configuration procedure
Use the following procedure to configure a ServerIron for RADIUS.
1. Configure Brocade vendor-specific attributes on the RADIUS server. Refer to “Configuring
Brocade-specific attributes on the RADIUS server” on page 126.
2. Identify the RADIUS server to the ServerIron. Refer to “Identifying the RADIUS server to the
ServerIron” on page 127.
3. Set RADIUS parameters. Refer to “Setting RADIUS parameters” on page 128.
4. Configure authentication-method lists. Refer to “Configuring authentication-method lists for
RADIUS” on page 129.
5. Optionally configure RADIUS authorization. Refer to “Configuring RADIUS authorization” on
page 131.
6. Optionally configure RADIUS accounting. “Configuring RADIUS accounting” on page 133.
Configuring Brocade-specific attributes on the RADIUS server
During the RADIUS authentication process, if a user supplies a valid username and password, the
RADIUS server sends an Access-Accept packet to the ServerIron, authenticating the user. Within
the Access-Accept packet are three Brocade vendor-specific attributes that indicate:
The privilege level of the user
A list of commands
Whether the user is allowed or denied usage of the commands in the list
You must add these three Brocade vendor-specific attributes to your RADIUS server’s configuration,
and configure the attributes in the individual or group profiles of the users that will access the
ServerIron.
Brocade’s Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Brocade
vendor-specific attributes.