Figure 162 a – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual
Page 874
824
Brocade 6910 Ethernet Access Switch Configuration Guide
53-1002581-01
AAA Authentication, Authorization and Accounting
41
FIGURE 162
Authentication Server Operation
RADIUS uses UDP while TACACS+ uses TCP. Also, note that RADIUS encrypts only the password in
the access-request packet from the client to the server, while TACACS+ encrypts the entire body of
the packet.
CLI References
•
•
•
Command Usage
•
If a remote authentication server is used, you must specify the message exchange parameters
for the remote authentication protocol. Both local and remote logon authentication control
management access via the console port, web browser, or Telnet.
•
RADIUS and TACACS+ logon authentication assign a specific privilege level for each user
name/password pair. The user name, password, and privilege level must be configured on the
authentication server. The encryption methods used for the authentication process must also
be configured or negotiated between the authentication server and logon client. This switch
can pass authentication messages between the server and client that have been encrypted
using MD5 (Message-Digest 5), TLS (Transport Layer Security), or TTLS (Tunneled Transport
Layer Security).
Parameters
These parameters are displayed:
Configure Server
•
RADIUS
•
Global – Provides globally applicable RADIUS settings.
•
Server Index – Specifies one of five RADIUS servers that may be configured. The switch
attempts authentication using the listed sequence of servers. The process ends when a
server either approves or denies access to a user.
•
Server IP Address – Address of authentication server.
(A Server Index entry must be selected to display this item.)
•
Accounting Server UDP Port – Network (UDP) port on authentication server used for
accounting messages.
(Range: 1-65535; Default: 1813)
Web
Telnet
RADIUS/
TACACS+
server
console
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.