Identifying the radius server to the device, Configuring a radius server per port, Specifying different – Brocade TurboIron 24X Series Configuration Guide User Manual


Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring RADIUS security

Identifying the RADIUS server to the device

To use a RADIUS server to authenticate access to a device, you must identify the server to the
device.

Example

TurboIron(config)#radius-server host 10.157.22.99

Syntax: radius-server host <ip-addr> | <ipv6-addr> | <server-name> [auth-port <number>] [acct-port <number>]

The host <ip-addr> | <ipv6-addr> | <server-name> parameter is either an IP address or an ASCII
text string.

The <auth-port> parameter is the Authentication port number. The default is 1645.

The <acct-port> parameter is the Accounting port number. The default is 1646.

Specifying different servers for individual AAA functions

In a RADIUS configuration, you can designate a server to handle a specific AAA task. For example,
you can designate one RADIUS server to handle authorization and another RADIUS server to
handle accounting. You can specify individual servers for authentication and accounting, but not
for authorization. You can set the RADIUS key for each server.

To specify different RADIUS servers for authentication, authorization, and accounting, enter
commands such as the following.

TurboIron(config)#radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 authentication-only key abc

TurboIron(config)#radius-server host 10.2.3.6 auth-port 1645 acct-port 1646 accounting-only key ghi

Syntax: radius-server host <ip-addr> | <ipv6-addr> | <server-name> [auth-port <number>] [acct-port <number>] [authentication-only | accounting-only | default] [key 0 | 1 <string>]

The default parameter causes the server to be used for all AAA functions.

After authentication takes place, the server that performed the authentication is used for
authorization and accounting. If the authenticating server cannot perform the requested function,
then the next server in the configured list of servers is tried; this process repeats until a server that
can perform the requested function is found, or every server in the configured list has been tried.
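
The selection rule above can be checked against a configuration before it is deployed. The following Python sketch is an added example, not Brocade code: it parses radius-server host lines in the syntax shown on this page, lists the servers that would be tried for each AAA function, and reports functions that no configured server can perform. It assumes that a host with no role keyword behaves like default, that an "-only" server performs only its named function, and that the authenticating server is tried first with the remaining servers in configured order; the sample lines are constructed.

```python
import re

# Constructed sample, written with the syntax shown on this page.
SAMPLE = """\
radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 authentication-only key abc
radius-server host 10.2.3.6 auth-port 1645 acct-port 1646 accounting-only key ghi
radius-server host 10.157.22.99
"""

LINE = re.compile(
    r"radius-server host (?P<host>\S+)"
    r"(?: auth-port (?P<auth_port>\d+))?"
    r"(?: acct-port (?P<acct_port>\d+))?"
    r"(?: (?P<role>authentication-only|accounting-only|default))?"
    r"(?: key (?:(?P<key_type>[01]) )?(?P<key>\S+))?\s*$"
)

# Assumption: what each role keyword allows a server to do.
CAN_DO = {
    "authentication-only": {"authentication"},
    "accounting-only": {"accounting"},
    "default": {"authentication", "authorization", "accounting"},
}

def parse(config):
    """Return the radius-server host entries in configured order."""
    servers = []
    for line in config.splitlines():
        m = LINE.search(line)  # search() tolerates a leading CLI prompt
        if m:
            s = m.groupdict()
            s["auth_port"] = int(s["auth_port"] or 1645)  # defaults stated on the page
            s["acct_port"] = int(s["acct_port"] or 1646)
            s["role"] = s["role"] or "default"  # assumption: no keyword means default
            s["has_key"] = s.pop("key") is not None  # do not carry the secret around
            servers.append(s)
    return servers

def try_order(servers, auth_host, function):
    """Hosts tried for `function` after `auth_host` authenticated the user."""
    first = [s for s in servers if s["host"] == auth_host]
    rest = [s for s in servers if s["host"] != auth_host]
    return [s["host"] for s in first + rest if function in CAN_DO[s["role"]]]

def uncovered(servers):
    """AAA functions that no configured server can perform."""
    return sorted(f for f in CAN_DO["default"]
                  if not any(f in CAN_DO[s["role"]] for s in servers))
```

With only the two "-only" servers from the example configured, uncovered() reports authorization, which is the gap to look for when splitting AAA functions across servers.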

Configuring a RADIUS server per port

You can optionally configure a RADIUS server per port, indicating that it will be used only to
authenticate users on ports to which it is mapped. A RADIUS server that is not explicitly configured
as a RADIUS server per port is a global server, and can be used to authenticate users on ports to
which no RADIUS servers are mapped.

Configuration notes

This feature works with 802.1X and multi-device port authentication only.

As in previous releases, you can define up to eight RADIUS servers per device.
