Configuring RADIUS security, RADIUS authentication – Brocade TurboIron 24X Series Configuration Guide User Manual


Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

The following table describes the TACACS/TACACS+ information displayed by the show aaa
command.

Configuring RADIUS security

You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the Layer 2 Switch or Layer 3 Switch:

- Telnet access
- SSH access
- Access to the Privileged EXEC level and CONFIG levels of the CLI

NOTE

Devices do not support RADIUS security for SNMP (Brocade Network Advisor) access.

RADIUS authentication, authorization, and accounting

When RADIUS authentication is implemented, the device consults a RADIUS server to verify user
names and passwords. You can optionally configure RADIUS authorization, in which the device
consults a list of commands supplied by the RADIUS server to determine whether a user can
execute a command he or she has entered, as well as accounting, which causes the device to log
information on a RADIUS accounting server when specified events occur on the device.

RADIUS authentication

When RADIUS authentication takes place, the following events occur.

TABLE 22 Output of the show aaa command for TACACS/TACACS+

| Field | Description |
|---|---|
| Tacacs+ key | The setting configured with the tacacs-server key command. At the Super User privilege level, the actual text of the key is displayed. At the other privilege levels, a string of periods (....) is displayed instead of the text. |
| Tacacs+ retries | The setting configured with the tacacs-server retransmit command. |
| Tacacs+ timeout | The setting configured with the tacacs-server timeout command. |
| Tacacs+ dead-time | The setting configured with the tacacs-server dead-time command. |
| Tacacs+ Server | For each TACACS/TACACS+ server, the IP address, port, and the following statistics are displayed: opens - Number of times the port was opened for communication with the server; closes - Number of times the port was closed normally; timeouts - Number of times port was closed due to a timeout; errors - Number of times an error occurred while opening the port; packets in - Number of packets received from the server; packets out - Number of packets sent to the server |
| connection | The current connection status. This can be “no connection” or “connection active”. |