Brocade Communications Systems Brocade ICX 6650 6650 User Manual
Page 4
iv
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Passwords used to secure access . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Setting a Telnet password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Setting passwords for management privilege levels . . . . . . . . . 14
Recovering from a lost password . . . . . . . . . . . . . . . . . . . . . . . . 16
Displaying the SNMP community string . . . . . . . . . . . . . . . . . . . 16
Specifying a minimum password length. . . . . . . . . . . . . . . . . . . 16
Local user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Enhancements to username and password . . . . . . . . . . . . . . . 17
Local user account configuration . . . . . . . . . . . . . . . . . . . . . . . . 21
Creating a password option. . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Changing a local user password . . . . . . . . . . . . . . . . . . . . . . . . . 24
TACACS and TACACS+ security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
How TACACS+ differs from TACACS. . . . . . . . . . . . . . . . . . . . . . . 24
TACACS/TACACS+ authentication, authorization,
and accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
TACACS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
TACACS/TACACS+ configuration considerations . . . . . . . . . . . .30
Enabling TACACS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Identifying the TACACS/TACACS+ servers. . . . . . . . . . . . . . . . . . 31
Specifying different servers for individual AAA functions . . . . .32
Setting optional TACACS and TACACS+ parameters . . . . . . . . .32
Configuring authentication-method lists for
TACACS and TACACS+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Configuring TACACS+ authorization . . . . . . . . . . . . . . . . . . . . . .36
TACACS+ accounting configuration. . . . . . . . . . . . . . . . . . . . . . .39
Configuring an interface as the source for all
TACACS and TACACS+ packets . . . . . . . . . . . . . . . . . . . . . . . . . .40
Displaying TACACS/TACACS+ statistics and
configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
RADIUS security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
RADIUS authentication, authorization, and accounting . . . . . . 41
RADIUS configuration considerations. . . . . . . . . . . . . . . . . . . . .44
Configuring RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Brocade-specific attributes on the RADIUS server . . . . . . . . . .45
Enabling SNMP to configure RADIUS . . . . . . . . . . . . . . . . . . . . . 47
Identifying the RADIUS server to the Brocade device . . . . . . . . 47
Specifying different servers for individual AAA functions . . . . .48
RADIUS server per port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
RADIUS server to individual ports mapping . . . . . . . . . . . . . . . .49
RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Setting authentication-method lists for RADIUS . . . . . . . . . . . . 51
RADIUS authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
RADIUS accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Configuring an interface as the source for all
RADIUS packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Displaying RADIUS configuration information . . . . . . . . . . . . . .56
Authentication-method lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Examples of authentication-method lists. . . . . . . . . . . . . . . . . .58
TCP Flags - edge port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Using TCP Flags in combination with other ACL features . . . . . 61