AAA Authentication, Authorization and Accounting, Configuring Local/Remote Logon Authentication – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

AAA Authentication, Authorization and Accounting

The authentication, authorization, and accounting (AAA) feature provides the main framework for
configuring access control on the switch. The three security functions can be summarized as
follows:

Authentication — Identifies users that request access to the network.

Authorization — Determines if users can access specific services.

Accounting — Provides reports, auditing, and billing for services that users have accessed on
the network.

The AAA functions require the use of configured RADIUS or TACACS+ servers in the network. The
security servers can be defined as sequential groups that are applied as a method for controlling
user access to specified services. For example, when the switch attempts to authenticate a user, a
request is sent to the first server in the defined group. If there is no response, the second server is
tried, and so on. If at any point a pass or fail is returned, the process stops.
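The sequential-group behavior described above can be modeled in a few lines. This is an added example, not code from the Brocade guide or the switch firmware; the server names, accounts, and the `make_server` and `authenticate` helpers are hypothetical, and a timeout is modeled as a "no response" reply.

```python
import hmac
from enum import Enum

class Reply(Enum):
    PASS = "pass"
    FAIL = "fail"
    NO_RESPONSE = "no response"

def make_server(accounts, reachable=True):
    """Stand-in for one RADIUS/TACACS+ server (hypothetical helper)."""
    def handle(user, password):
        if not reachable:
            return Reply.NO_RESPONSE  # models a request that times out
        stored = accounts.get(user)
        ok = stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())
        return Reply.PASS if ok else Reply.FAIL
    return handle

def authenticate(group, user, password):
    """Try each server in order; the first pass or fail ends the process.

    Returns (decision, deciding_server, trail), where trail lists every
    server that was contacted and what it replied.
    """
    trail = []
    for name, server in group:
        reply = server(user, password)
        trail.append((name, reply))
        if reply is not Reply.NO_RESPONSE:
            return reply, name, trail
    return Reply.NO_RESPONSE, None, trail

# Constructed sample data: the secondary still holds an account ("bob")
# that has already been removed from the primary.
PRIMARY = {"alice": "s3cret"}
SECONDARY = {"alice": "s3cret", "bob": "oldpass"}

def demo():
    up = [("srv1", make_server(PRIMARY)), ("srv2", make_server(SECONDARY))]
    failover = [("srv1", make_server(PRIMARY, reachable=False)),
                ("srv2", make_server(SECONDARY))]
    dark = [("srv1", make_server(PRIMARY, reachable=False)),
            ("srv2", make_server(SECONDARY, reachable=False))]
    return {
        "reject_is_final": authenticate(up, "bob", "oldpass"),
        "failover": authenticate(failover, "bob", "oldpass"),
        "all_down": authenticate(dark, "alice", "s3cret"),
    }

if __name__ == "__main__":
    for case, (decision, server, trail) in demo().items():
        print(case, decision.value, server, [(n, r.value) for n, r in trail])
```

In the `failover` case the removed account is accepted by the second server once the first stops answering, so every server in a group needs the same account data. The `all_down` case returns no decision; what the switch does then is not covered by this passage.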

The switch supports the following AAA features:

Accounting for IEEE 802.1X authenticated users that access the network through the switch.

Accounting for users that access management interfaces on the switch through the console
and Telnet.

Accounting for commands that users enter at specific CLI privilege levels.

Authorization of users that access management interfaces on the switch through the console
and Telnet.

To configure AAA on the switch, you need to follow this general process:

1. Configure RADIUS and TACACS+ server access parameters. See “Configuring Local/Remote Logon Authentication” on page 822.

2. Define RADIUS and TACACS+ server groups to support the accounting and authorization of services.

3. Define a method name for each service to which you want to apply accounting or authorization and specify the RADIUS or TACACS+ server groups to use.

4. Apply the method names to port or line interfaces.

NOTE

This guide assumes that RADIUS and TACACS+ servers have already been configured to support
AAA. The configuration of RADIUS and TACACS+ server software is beyond the scope of this guide;
refer to the documentation provided with the RADIUS or TACACS+ server software.

Configuring Local/Remote Logon Authentication

Use the Security > AAA > System Authentication page to specify local or remote authentication.
Local authentication restricts management access based on user names and passwords manually
configured on the switch. Remote authentication uses a remote access authentication server
based on RADIUS or TACACS+ protocols to verify management access.

CLI References

“Authentication Sequence” on page 144