Setting radius parameters, Configuration example and command syntax, Setting the radius key – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 142

Advertising
background image

108

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring RADIUS security

Configuration example and command syntax

To map a RADIUS server to a port, enter commands such as the following.

TurboIron(config)#int e 3

TurboIron(config-if-e10000-3)#dot1x port-control auto

TurboIron(config-if-e10000-3)#use-radius-server 10.10.10.103

TurboIron(config-if-e10000-3)#use-radius-server 10.10.10.110

With the above configuration, port e 3 would send a RADIUS request to 10.10.10.103 first, since it
is the first server mapped to the port. If it fails, it will go to 10.10.10.110.

Syntax: use-radius-server <ip-addr>

The host <ip-addr> is an IPv4 address.

Setting RADIUS parameters

You can set the following parameters in a RADIUS configuration:

RADIUS key – This parameter specifies the value that the device sends to the RADIUS server
when trying to authenticate user access.

Retransmit interval – This parameter specifies how many times the device will resend an
authentication request when the RADIUS server does not respond. The retransmit value can be
from 1 – 5 times. The default is 3 times.

Timeout – This parameter specifies how many seconds the device waits for a response from a
RADIUS server before either retrying the authentication request, or determining that the
RADIUS servers are unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.

Setting the RADIUS key

The key parameter in the radius-server command is used to encrypt RADIUS packets before they
are sent over the network. The value for the key parameter on the device should match the one
configured on the RADIUS server. The key can be from 1 – 32 characters in length and cannot
include any space characters.

To specify a RADIUS server key, enter a command such as the following.

TurboIron(config)#radius-server key mirabeau

Syntax: radius-server key [0 | 1] <string>

When you display the configuration of the device, the RADIUS key is encrypted.

Example

TurboIron(config)#radius-server key 1 abc

TurboIron(config)#write terminal

...

radius-server host 10.2.3.5

radius key 1 $!2d

NOTE

Encryption of the RADIUS keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.

Advertising
Popular Brands
Popular manuals