Radius server per port configuration notes, Radius configuration example and command syntax, Radius server to individual ports mapping – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

RADIUS server per port configuration notes

• This feature works with 802.1X and multi-device port authentication only.
• You can define up to eight RADIUS servers per Brocade device.

RADIUS configuration example and command syntax

The following shows an example configuration.

device(config)#radius-server host 10.10.10.103 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only

device(config)#radius-server host 10.10.10.104 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only

device(config)#radius-server host 10.10.10.105 auth-port 1812 acct-port 1813 default key mykeyword dot1x

device(config)#radius-server host 10.10.10.106 auth-port 1812 acct-port 1813 default key mykeyword dot1x

The above configuration has the following effect:

• RADIUS servers 10.10.10.103 and 10.10.10.104 will be used only to authenticate users on ports to which the servers are mapped. To map a RADIUS server to a port, refer to RADIUS server to individual ports mapping on page 65.

• RADIUS servers 10.10.10.105 and 10.10.10.106 will be used to authenticate users on ports to which no RADIUS servers are mapped. For example, port e 9, to which no RADIUS servers are mapped, will send a RADIUS request to the first configured RADIUS server, 10.10.10.105. If the request fails, it will go to the second configured RADIUS server, 10.10.10.106. It will not send requests to 10.10.10.103 or 10.10.10.104, since these servers are configured as port servers.

Syntax: radius-server host { ip-addr | server-name } [ auth-port number ] [ acct-port number ] [ default key string dot1x ] [ port-only ]

The host ip-addr is the IPv4 address.

The auth-port number parameter is the Authentication port number; it is an optional parameter. The
default is 1645.

The acct-port number parameter is the Accounting port number; it is an optional parameter. The default
is 1646.

The default key string dot1x parameter indicates that this RADIUS server supports the 802.1X
standard. A RADIUS server that supports the 802.1X standard can also be used to authenticate
non-802.1X authentication requests.

The port-only parameter is optional and specifies that the server will be used only to authenticate users
on ports to which it is mapped.

RADIUS server to individual ports mapping

You can map up to eight RADIUS servers to each port on the Brocade device. The port will authenticate
users using only the RADIUS servers to which the port is mapped. If there are no RADIUS servers
mapped to a port, it will use the "global" servers for authentication.

As in previous releases, a port goes through the list of servers in the order in which it was mapped or
configured, until a server that can perform the requested function is found, or until every server in the
list has been tried.
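
The selection rules above can be checked offline against a saved configuration. The following Python is an added example, not part of the Brocade guide: it parses radius-server host lines, applies the port-only and mapping rules to list the servers a port will try in order, and reports mappings that point at undefined servers. PORT_MAP and all function names are assumptions; the mapping command itself is not shown on this page.

```python
import re

# Constructed sample: the four radius-server lines from the example above.
CONFIG = """\
radius-server host 10.10.10.103 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only
radius-server host 10.10.10.104 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only
radius-server host 10.10.10.105 auth-port 1812 acct-port 1813 default key mykeyword dot1x
radius-server host 10.10.10.106 auth-port 1812 acct-port 1813 default key mykeyword dot1x
"""

# Hypothetical port-to-server mapping (an assumption, not taken from the guide).
PORT_MAP = {"e 1": ["10.10.10.103", "10.10.10.104"], "e 2": ["10.10.10.104"]}

def parse_servers(config):
    """Return servers in configuration order with ports and the port-only flag."""
    servers = []
    for line in config.splitlines():
        m = re.search(r"radius-server host (\S+)(.*)", line)
        if not m:
            continue
        host, rest = m.groups()
        auth = re.search(r"\bauth-port (\d+)", rest)
        acct = re.search(r"\bacct-port (\d+)", rest)
        servers.append({
            "host": host,
            # Defaults stated in the syntax description: 1645 and 1646.
            "auth_port": int(auth.group(1)) if auth else 1645,
            "acct_port": int(acct.group(1)) if acct else 1646,
            "port_only": "port-only" in rest.split(),
        })
    return servers

def servers_for_port(port, servers, port_map):
    """Ordered list of hosts a port will try, per the rules described above."""
    mapped = port_map.get(port, [])
    if mapped:
        return list(mapped)  # a mapped port uses only its mapped servers
    # An unmapped port uses the global servers; empty means no server is available.
    return [s["host"] for s in servers if not s["port_only"]]

def audit(servers, port_map):
    """Find mappings to undefined servers and port-only servers no port uses."""
    defined = {s["host"] for s in servers}
    used = {h for hosts in port_map.values() for h in hosts}
    idle = [s["host"] for s in servers if s["port_only"] and s["host"] not in used]
    return {"undefined": sorted(used - defined), "unused_port_only": sorted(idle)}
```

An empty list from servers_for_port means the port has no usable RADIUS server, which happens when a port is unmapped and every configured server is port-only.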

FastIron Ethernet Switch Security Configuration Guide

65

53-1003088-03