Configuring Brocade-specific attributes on the RADIUS server – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide


53-1002484-04

Configuring RADIUS security


Configuring Brocade-specific attributes on the RADIUS server

NOTE

For the BigIron RX, RADIUS Challenge is supported for 802.1x authentication but not for login
authentication.

During the RADIUS authentication process, if a user supplies a valid username and password, the
RADIUS server sends an Access-Accept packet to the device, authenticating the user. Within the
Access-Accept packet are three Brocade vendor-specific attributes that indicate:

• The privilege level of the user
• A list of commands
• Whether the user is allowed or denied usage of the commands in the list

You must add these three Brocade vendor-specific attributes to your RADIUS server’s configuration,
and configure the attributes in the individual or group profiles of the users that will access the
BigIron RX.

Brocade’s Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Brocade
vendor-specific attributes.

TABLE 38   Brocade vendor-specific attributes for RADIUS

| Attribute name | Attribute ID | Data type | Description |
|---|---|---|---|
| brocade-privilege-level | 1 | integer | Specifies the privilege level for the user. This attribute can be set to one of the following: 0: Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords. 4: Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters. 5: Read Only level – Allows access to the Privileged EXEC mode and CONFIG mode of the CLI but only with read access. |
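The following added example (not from the Brocade manual) shows how brocade-privilege-level travels inside an Access-Accept and how to check which level a RADIUS server actually hands out. It assumes the standard RFC 2865 Vendor-Specific (type 26) encoding; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 attribute type that carries VSAs
BROCADE_VENDOR_ID = 1991    # Vendor-ID stated on this page
PRIVILEGE_LEVEL_ID = 1      # brocade-privilege-level, Attribute ID from Table 38
LEVELS = {0: "Super User", 4: "Port Configuration", 5: "Read Only"}

def encode_privilege_vsa(level):
    """Build the Vendor-Specific attribute carrying brocade-privilege-level."""
    sub = struct.pack("!BBI", PRIVILEGE_LEVEL_ID, 6, level)  # id, length, 32-bit integer
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BROCADE_VENDOR_ID) + sub

def parse_privilege_level(attrs):
    """Walk the attribute bytes of an Access-Accept and return the level, or None.
    Raises ValueError on malformed lengths or a level not listed in Table 38."""
    pos, found = 0, None
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue                      # not a usable VSA, skip it
        if struct.unpack("!I", body[:4])[0] != BROCADE_VENDOR_ID:
            continue                      # another vendor's VSA
        sub = body[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            stype, slen = sub[0], sub[1]
            if stype == PRIVILEGE_LEVEL_ID:
                if slen != 6:
                    raise ValueError("privilege level must be a 4-byte integer")
                level = struct.unpack("!I", sub[2:6])[0]
                if level not in LEVELS:
                    raise ValueError(f"unlisted privilege level {level}")
                found = level
            sub = sub[slen:]
    return found

# Constructed sample: User-Name "admin" followed by the Brocade VSA for level 0.
SAMPLE = bytes([1, 7]) + b"admin" + encode_privilege_vsa(0)

if __name__ == "__main__":
    print(LEVELS[parse_privilege_level(SAMPLE)])
```

Running a check like this against captured Access-Accept attributes makes it easy to spot profiles that return level 0 (Super User) where a read-only or port-level profile was intended.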
