Radius authorization, Radius accounting – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Page 98

Advertising
background image

86

Brocade Virtual ADX Administration Guide

53-1003249-01

Configuring RADIUS security

2

8. If the password is valid, the RADIUS server sends an Access-Accept packet to the Brocade

Virtual ADX, authenticating the user. Within the Access-Accept packet are three Brocade
vendor-specific attributes that indicate:

The privilege level of the user

A list of commands

Whether the user is allowed or denied usage of the commands in the list

The last two attributes are used with RADIUS authorization, if configured.

9. The user is authenticated, and the information supplied in the Access-Accept packet for the

user is stored on the Brocade Virtual ADX. The user is granted the specified privilege level. If
you configure RADIUS authorization, the user is allowed or denied usage of the commands in
the list.

RADIUS authorization

When RADIUS authorization takes place, the following events occur.

1. A user previously authenticated by a RADIUS server enters a command on the Brocade Virtual

ADX.

2. The Brocade Virtual ADX looks at its configuration to see if the command is at a privilege level

that requires RADIUS command authorization.

3. If the command belongs to a privilege level that requires authorization, the Brocade Virtual

ADX looks at the list of commands delivered to it in the RADIUS Access-Accept packet when the
user was authenticated. (Along with the command list, an attribute was sent that specifies
whether the user is permitted or denied usage of the commands in the list.)

NOTE

After RADIUS authentication takes place, the command list resides on the Brocade Virtual ADX.
The RADIUS server is not consulted again once the user has been authenticated. This means
that any changes made to the user’s command list on the RADIUS server are not reflected until
the next time the user is authenticated by the RADIUS server, and the new command list is
sent to the Brocade Virtual ADX.

4. If the command list indicates that the user is authorized to use the command, the command is

executed.

RADIUS accounting

RADIUS accounting works as follows.

1. One of the following events occur on the Brocade Virtual ADX:

A user logs into the management interface using Telnet or SSH

A user enters a command for which accounting has been configured

A system event occurs, such as a reboot or reloading of the configuration file

2. The Brocade Virtual ADX checks its configuration to see if the event is one for which RADIUS

accounting is required.

3. If the event requires RADIUS accounting, the Brocade Virtual ADX sends a RADIUS Accounting

Start packet to the RADIUS accounting server, containing information about the event.

Advertising
Popular Brands
Popular manuals