Radius configuration considerations, Radius configuration procedure – Brocade BigIron RX Series Configuration Guide User Manual
Page 172
94
BigIron RX Series Configuration Guide
53-1002484-04
Configuring RADIUS security
3
AAA security for commands pasted into the running configuration
If AAA security is enabled on the device, commands pasted into the running configuration are
subject to the same AAA operations as if they were entered manually.
When you paste commands into the running configuration, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running
configuration. The server performing the AAA operations should be reachable when you paste the
commands into the running configuration file. If the device determines that a pasted command is
invalid, AAA operations are halted on the remaining commands. The remaining commands may not
be executed if command authorization is configured.
NOTE
Since RADIUS command authorization relies on a list of commands received from the RADIUS server
when authentication is performed, it is important that you use RADIUS authentication when you also
use RADIUS command authorization.
RADIUS configuration considerations
Consider the following to configure RADIUS:
•
You must deploy at least one RADIUS server in your network.
•
The device supports authentication using up to eight RADIUS servers. The device tries to use
the servers in the order you add them to the device’s configuration. If one RADIUS server is not
responding, the Brocade device tries the next one in the list.
•
You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS
as the primary authentication method for Telnet CLI access, but you cannot also select
TACACS+ authentication as the primary method for the same type of access. However, you can
configure backup authentication methods for each access type.
RADIUS configuration procedure
Use the following procedure to configure a BigIron RX for RADIUS.
1. Configure Brocade vendor-specific attributes on the RADIUS server. Refer to
Brocade-specific attributes on the RADIUS server”
2. Identify the RADIUS server to the BigIron RX. Refer to
“Identifying the RADIUS server to the
3. Set RADIUS parameters. Refer to
4. Configure authentication-method lists. Refer to
“Configuring authentication-method lists for
5. Optionally configure RADIUS authorization. Refer to
“Configuring RADIUS authorization”
6. Optionally configure RADIUS accounting.