Figure 168 a – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual
53-1002651-02
42 AAA Authentication, Authorization and Accounting
FIGURE 168 Authentication Server Operation
RADIUS uses UDP while TACACS+ uses TCP. Also, note that RADIUS encrypts only the password in
the access-request packet from the client to the server, while TACACS+ encrypts the entire body of
the packet.
Command Usage
• If a remote authentication server is used, you must specify the message exchange parameters for the remote authentication protocol. Both local and remote logon authentication control management access via the console port, web browser, or Telnet.
• RADIUS and TACACS+ logon authentication assign a specific privilege level for each user name/password pair. The user name, password, and privilege level must be configured on the authentication server. The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client. This switch can pass authentication messages between the server and client that have been encrypted using MD5 (Message-Digest 5), TLS (Transport Layer Security), or TTLS (Tunneled Transport Layer Security).
Parameters
These parameters are displayed:
Configure Server
• RADIUS
• Global – Provides globally applicable RADIUS settings.
• Server Index – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.
• Server IP Address – Address of authentication server. (A Server Index entry must be selected to display this item.)
• Accounting Server UDP Port – Network (UDP) port on authentication server used for accounting messages. (Range: 1-65535; Default: 1813)
Figure 168 diagram labels: console, Web, Telnet; RADIUS/TACACS+ server
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.