Radius security, Radius authentication – Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide, page 41 (53-1002601-01)


RADIUS security

You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the Brocade Layer 2 switch or Layer 3 switch:

• Telnet access
• SSH access
• Access to the Privileged EXEC level and CONFIG levels of the CLI

RADIUS authentication, authorization, and accounting

When RADIUS authentication is implemented, the Brocade device consults a RADIUS server to
verify user names and passwords. You can optionally configure RADIUS authorization, in which the
Brocade device consults a list of commands supplied by the RADIUS server to determine whether a
user can execute a command he or she has entered, as well as accounting, which causes the
Brocade device to log information on a RADIUS accounting server when specified events occur on
the device.

RADIUS authentication

When RADIUS authentication takes place, the following events occur.

1. A user attempts to gain access to the Brocade device by doing one of the following:
   • Logging into the device using Telnet or SSH
   • Entering the Privileged EXEC level or CONFIG level of the CLI

2. The user is prompted for a username and password.

3. The user enters a username and password.
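The consultation in steps 2 and 3 happens on the wire as a RADIUS Access-Request carrying User-Name and User-Password attributes, answered by an Access-Accept or Access-Reject. The following is an added, self-contained example written for this page (it is not Brocade code and does not reflect the ICX 6650 implementation); it follows RFC 2865 for the packet layout, the User-Password hiding scheme and the Response Authenticator check, and stands in a mock server, a constructed user table and a made-up shared secret for the real RADIUS server. It shows why the shared secret matters on both ends: the client only trusts a reply whose Response Authenticator was computed with the same secret.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a multiple of 16 bytes, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + chunk, chunk
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; this is what the server side runs."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out, prev = out + bytes(c ^ k for c, k in zip(chunk, keystream)), chunk
    return out.rstrip(b"\x00")


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type(1) Length(1) Value; Length counts the two header bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    """Walk the attribute list, rejecting malformed lengths."""
    attrs, pos = {}, 0
    while pos + 2 <= len(data):
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed attribute")
        attrs[attr_type] = data[pos + 2:pos + length]
        pos += length
    return attrs


def build_access_request(identifier, username, password, secret, nas_ip, request_auth):
    attrs = (encode_attr(ATTR_USER_NAME, username.encode())
             + encode_attr(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
             + encode_attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    return header + request_auth + attrs


def build_response(code, identifier, request_auth, secret, attrs=b""):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    header, resp_auth, attrs = response[:4], response[4:HEADER_LEN], response[HEADER_LEN:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)


def mock_server(request: bytes, secret: bytes, users: dict) -> bytes:
    """Stand-in for the RADIUS server (hypothetical; a real server would store hashed credentials)."""
    _code, identifier, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:HEADER_LEN]
    attrs = parse_attrs(request[HEADER_LEN:length])
    username = attrs[ATTR_USER_NAME].decode(errors="replace")
    password = unhide_password(attrs[ATTR_USER_PASSWORD], secret, request_auth)
    ok = username in users and hmac.compare_digest(users[username], password)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, identifier, request_auth, secret)


def authenticate(username, password, secret, users, nas_ip="192.0.2.1", server_secret=None):
    """Client (switch) side of one authentication round. Returns 'accept', 'reject' or 'invalid'."""
    identifier, request_auth = 7, os.urandom(16)
    request = build_access_request(identifier, username, password, secret, nas_ip, request_auth)
    response = mock_server(request, server_secret or secret, users)
    # A reply with a wrong identifier or a bad Response Authenticator is silently discarded
    # by RFC 2865 clients; it did not come from a holder of our shared secret.
    if response[1] != identifier or not verify_response(response, request_auth, secret):
        return "invalid"
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(response[0], "invalid")


if __name__ == "__main__":
    USERS = {"admin": b"hunter2"}  # constructed sample user table
    print(authenticate("admin", "hunter2", b"s3cret", USERS))
    print(authenticate("admin", "wrong", b"s3cret", USERS))
    print(authenticate("admin", "hunter2", b"s3cret", USERS, server_secret=b"other"))
```

Two points for operators follow from the code: the User-Password attribute is obfuscated with an MD5 keystream derived from the shared secret, not encrypted with a modern cipher, so the switch-to-server path should be a trusted management network; and a mismatched secret does not produce an Access-Reject but a reply the client cannot validate, which looks like a timeout from the switch side.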

TABLE 6    Output of the show aaa command for TACACS/TACACS+

Field               Description
-----------------   ----------------------------------------------------------------------
Tacacs+ key         The setting configured with the tacacs-server key command. At the
                    Super User privilege level, the actual text of the key is displayed.
                    At the other privilege levels, a string of periods (....) is
                    displayed instead of the text.
Tacacs+ retries     The setting configured with the tacacs-server retransmit command.
Tacacs+ timeout     The setting configured with the tacacs-server timeout command.
Tacacs+ dead-time   The setting configured with the tacacs-server dead-time command.
Tacacs+ Server      For each TACACS/TACACS+ server, the IP address, port, and the
                    following statistics are displayed:
                    opens - Number of times the port was opened for communication with
                            the server
                    closes - Number of times the port was closed normally
                    timeouts - Number of times the port was closed due to a timeout
                    errors - Number of times an error occurred while opening the port
                    packets in - Number of packets received from the server
                    packets out - Number of packets sent to the server
connection          The current connection status. This can be "no connection" or
                    "connection active".
