Configuring radius, Brocade-specific attributes on the radius server – Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide


53-1002601-01

RADIUS security

Configuring RADIUS

Follow the procedure given below to configure a Brocade device for RADIUS.

1. Configure Brocade vendor-specific attributes on the RADIUS server. Refer to “Brocade-specific attributes on the RADIUS server” on page 45.
2. Identify the RADIUS server to the Brocade device. Refer to “Identifying the RADIUS server to the Brocade device” on page 47.
3. Optionally specify different servers for individual AAA functions. Refer to “Specifying different servers for individual AAA functions” on page 48.
4. Optionally configure the RADIUS server as a “port only” server. Refer to “RADIUS server per port” on page 48.
5. Optionally bind the RADIUS servers to ports on the Brocade device. Refer to “RADIUS server to individual ports mapping” on page 49.
6. Set RADIUS parameters. Refer to “RADIUS parameters” on page 50.
7. Configure authentication-method lists. Refer to “Setting authentication-method lists for RADIUS” on page 51.
8. Optionally configure RADIUS authorization. Refer to “RADIUS authorization” on page 53.
9. Optionally configure RADIUS accounting. Refer to “RADIUS accounting” on page 55.

Brocade-specific attributes on the RADIUS server

NOTE

For all Brocade devices, RADIUS Challenge is supported for 802.1x authentication but not for login
authentication.

During the RADIUS authentication process, if a user supplies a valid username and password, the
RADIUS server sends an Access-Accept packet to the Brocade device, authenticating the user.
Within the Access-Accept packet are three Brocade vendor-specific attributes that indicate:

The privilege level of the user

A list of commands

Whether the user is allowed or denied usage of the commands in the list

You must add these three Brocade vendor-specific attributes to your RADIUS server configuration,
and configure the attributes in the individual or group profiles of the users that will access the
Brocade device.

Brocade Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Brocade
vendor-specific attributes.
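
Added example, not from the Brocade guide: a Python check that decodes the vendor 1991 attributes from a captured Access-Accept (RFC 2865 layout) and reports which of the three expected attributes a user profile fails to return. Sub-attribute numbers 2 and 3 are assumptions taken from the FreeRADIUS Foundry dictionary; the function names and the sample packet are constructed for illustration.

```python
import struct

BROCADE_VENDOR_ID = 1991     # Vendor-ID stated in the guide
VENDOR_SPECIFIC = 26         # RFC 2865 Vendor-Specific attribute type
ACCESS_ACCEPT = 2            # RFC 2865 packet code
# Assumed sub-attribute numbers: 1 is on the page; 2 and 3 follow the
# FreeRADIUS Foundry dictionary (privilege level, command string, exception flag).
EXPECTED_TYPES = {1, 2, 3}

def brocade_vsas(packet):
    """Return {vendor_type: raw bytes} for vendor-1991 VSAs in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        value, pos = packet[pos + 2:pos + a_len], pos + a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != BROCADE_VENDOR_ID:
            continue                      # another vendor's VSA
        sub = value[4:]
        while sub:                        # vendor-type, vendor-length, data
            if len(sub) < 2 or not 2 <= sub[1] <= len(sub):
                raise ValueError("vendor sub-attribute length out of bounds")
            found[sub[0]] = sub[2:sub[1]]
            sub = sub[sub[1]:]
    return found

def missing_vsas(packet):
    """Vendor types the profile should return but this reply lacks."""
    return EXPECTED_TYPES - set(brocade_vsas(packet))

def build_accept(vsas):
    """Constructed test reply; authenticator is zeroed and not verified here."""
    attrs = b""
    for vtype, data in vsas:
        body = struct.pack("!I", BROCADE_VENDOR_ID) + bytes([vtype, len(data) + 2]) + data
        attrs += bytes([VENDOR_SPECIFIC, len(body) + 2]) + body
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

# Constructed sample values, not taken from the guide.
SAMPLE = build_accept([(1, struct.pack("!I", 5)), (2, b"show"), (3, struct.pack("!I", 0))])
```

The parser does not validate the Response Authenticator, which requires the shared secret; run it on replies captured from a trusted path between the device and the server.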
