Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Page 4
Setting optional TACACS and TACACS+ parameters......................49
Configuring authentication-method lists for TACACS and TACACS+.......... 50
Configuring TACACS+ authorization................................................ 53
TACACS+ accounting configuration................................................. 55
Configuring an interface as the source for all TACACS and TACACS+ packets.......... 56
Displaying TACACS/TACACS+ statistics and configuration information.......... 57
RADIUS authentication, authorization, and accounting.................... 58
RADIUS configuration considerations...............................................61
Configuring RADIUS......................................................................... 61
Brocade-specific attributes on the RADIUS server........................... 62
Enabling SNMP to configure RADIUS.............................................. 63
Identifying the RADIUS server to the Brocade device...................... 64
Specifying different servers for individual AAA functions..................64
RADIUS server per port.................................................................... 64
RADIUS server to individual ports mapping......................................65
RADIUS parameters......................................................................... 66
Setting authentication-method lists for RADIUS............................... 67
RADIUS authorization.......................................................................69
RADIUS accounting.......................................................................... 71
Configuring an interface as the source for all RADIUS packets........ 72
Displaying RADIUS configuration information...................................72
Specifying a port for SSL communication......................................... 73
Changing the SSL server certificate key size....................................74
Support for SSL digital certificates larger than 2048 bits.................. 74
Importing digital certificates and RSA private key files..................... 74
Generating an SSL certificate........................................................... 75
Deleting the SSL certificate...............................................................75
Using TCP Flags in combination with other ACL features................ 79
Tested SSH2 clients..........................................................................82
SSH2 supported features..................................................................82
SSH2 unsupported features..............................................................83
Configuring SSH2............................................................................. 83
Enabling and disabling SSH by generating and deleting host keys.......... 84
Configuring DSA or RSA challenge-response authentication...........86
Setting the number of SSH authentication retries.............................88
Deactivating user authentication.......................................................88
Enabling empty password logins.......................................................89
Setting the SSH port number............................................................ 89
Setting the SSH login timeout value................................................. 89
Designating an interface as the source for all SSH packets............. 90
Configuring the maximum idle time for SSH sessions...................... 90
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03