Radius configuration procedure – Brocade TurboIron 24X Series Configuration Guide User Manual


Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring RADIUS security

You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS as
the primary authentication method for Telnet CLI access, but you cannot also select TACACS+
authentication as the primary method for the same type of access. However, you can configure
backup authentication methods for each access type.

RADIUS configuration procedure

Follow the procedure given below to configure a device for RADIUS.

1. Configure Brocade vendor-specific attributes on the RADIUS server. Refer to “Configuring Brocade-specific attributes on the RADIUS server” on page 104.

2. Identify the RADIUS server to the device. Refer to “Identifying the RADIUS server to the device” on page 106.

3. Optionally specify different servers for individual AAA functions. Refer to “Specifying different servers for individual AAA functions” on page 106.

4. Optionally configure the RADIUS server as a “port only” server. Refer to “Configuring a RADIUS server per port” on page 106.

5. Optionally bind the RADIUS servers to ports on the device. Refer to “Mapping a RADIUS server to individual ports” on page 107.

6. Set RADIUS parameters. Refer to “Setting RADIUS parameters” on page 108.

7. Configure authentication-method lists. Refer to “Configuring authentication-method lists for RADIUS” on page 109.

8. Optionally configure RADIUS authorization. Refer to “Configuring RADIUS authorization” on page 111.

9. Optionally configure RADIUS accounting. Refer to “Configuring RADIUS accounting” on page 113.

Configuring Brocade-specific attributes on the RADIUS server

NOTE

For all devices, RADIUS Challenge is supported for 802.1x authentication but not for login
authentication.

During the RADIUS authentication process, if a user supplies a valid username and password, the
RADIUS server sends an Access-Accept packet to the device, authenticating the user. Within the
Access-Accept packet are three Brocade vendor-specific attributes that indicate:

• The privilege level of the user

• A list of commands

• Whether the user is allowed or denied usage of the commands in the list

You must add these three Brocade vendor-specific attributes to your RADIUS server configuration,
and configure the attributes in the individual or group profiles of the users that will access the
device.

Brocade Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Brocade
vendor-specific attributes.
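
The following Python parser is an added example, not part of the Brocade guide. It walks an Access-Accept packet in the RFC 2865 layout and returns every sub-attribute carried under Vendor-ID 1991, which lets an administrator check what the RADIUS server actually returns for a given user. The function names, the sample packet, its attribute values and the second vendor ID (4242) are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2          # RFC 2865 packet code
VENDOR_SPECIFIC = 26       # RFC 2865 attribute type
BROCADE_VENDOR_ID = 1991   # Vendor-ID stated in the guide

def brocade_vsas(packet: bytes) -> list:
    """Return [(vendor_type, value_bytes)] for Brocade sub-attributes in an
    Access-Accept. The Response Authenticator is NOT verified here; that
    needs the shared secret and the matching Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length field")
    found, pos = [], 20    # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        body = packet[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if int.from_bytes(body[:4], "big") != BROCADE_VENDOR_ID:
            continue       # some other vendor's attribute
        sub = body[4:]
        while sub:         # one VSA may carry several sub-attributes
            if len(sub) < 2 or not 2 <= sub[1] <= len(sub):
                raise ValueError("bad vendor sub-attribute length")
            found.append((sub[0], sub[2:sub[1]]))
            sub = sub[sub[1]:]
    return found

def _vsa(vendor_id: int, v_type: int, value: bytes) -> bytes:
    sub = bytes([v_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + vendor_id.to_bytes(4, "big") + sub

def sample_accept() -> bytes:
    """Constructed packet: one Brocade VSA (Vendor-Type 1, made-up value),
    one VSA under a made-up vendor ID, and a Reply-Message (type 18)."""
    attrs = (_vsa(BROCADE_VENDOR_ID, 1, b"\x00\x00\x00\x00")
             + _vsa(4242, 1, b"ignored") + bytes([18, 4]) + b"ok")
    return struct.pack("!BBH", ACCESS_ACCEPT, 7, 20 + len(attrs)) + bytes(16) + attrs
```

Calling `brocade_vsas(sample_accept())` returns only the sub-attribute under Vendor-ID 1991; the meaning of each vendor type and value is defined by the attribute table in the guide.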
