
RADIUS server-to-ports configuration notes, RADIUS parameters, Setting the RADIUS key – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


RADIUS server-to-ports configuration notes

• This feature works with 802.1X and multi-device port authentication only.
• You can map a RADIUS server to a physical port only. You cannot map a RADIUS server to a VE.

RADIUS server-to-ports configuration example and command syntax

To map a RADIUS server to a port, enter commands such as the following.

device(config)#int e 3
device(config-if-e1000-3)#dot1x port-control auto
device(config-if-e1000-3)#use-radius-server 10.10.10.103
device(config-if-e1000-3)#use-radius-server 10.10.10.110

With the above configuration, port e 3 sends a RADIUS request to 10.10.10.103 first, because it is
the first server mapped to the port. If that request fails, the port sends the request to 10.10.10.110.

Syntax: use-radius-server ip-addr

The host ip-addr is an IPv4 address.

RADIUS parameters

You can set the following parameters in a RADIUS configuration:

• RADIUS key - This parameter specifies the value that the Brocade device sends to the RADIUS
server when trying to authenticate user access.
• Retransmit interval - This parameter specifies how many times the Brocade device will resend an
authentication request when the RADIUS server does not respond. The retransmit value can be
from 1 - 5 times. The default is 3 times.
• Timeout - This parameter specifies how many seconds the Brocade device waits for a response
from a RADIUS server before either retrying the authentication request, or determining that the
RADIUS servers are unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 - 15 seconds. The default is 3 seconds.

Setting the RADIUS key

The key parameter in the radius-server command is used to encrypt RADIUS packets before they
are sent over the network. The value for the key parameter on the Brocade device should match the
one configured on the RADIUS server. The key can be from 1 - 32 characters in length and cannot
include any space characters.

To specify a RADIUS server key, enter a command such as the following.

device(config)#radius-server key mirabeau

Syntax: radius-server key [ 0 ] string

When you display the configuration of the Brocade device, the RADIUS key is encrypted.

Brocade(config)#radius-server key abc
Brocade(config)#write terminal
...
Brocade(config)#sh run | in radius
radius-server key abc
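
The following Python sketch is an added example, not code from the Brocade guide. It shows why the key must match on both sides: in standard RADIUS (RFC 2865, section 5.2) the shared key hides the User-Password attribute, so a server holding a different key recovers garbage. The function names, the sample password and the Request Authenticator are constructed for illustration; the key length check uses the 1 - 32 character, no-spaces rule stated above.

```python
import hashlib
import os

def valid_fastiron_key(key: str) -> bool:
    """Constraints stated in this section: 1 to 32 characters, no spaces."""
    return 1 <= len(key) <= 32 and " " not in key

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: value the NAS (the switch) places in User-Password."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()  # keyed mask for this block
        prev = _xor(padded[i:i + 16], mask)         # ciphertext chains forward
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does with its own copy of the key."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += _xor(hidden[i:i + 16], mask)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

if __name__ == "__main__":
    switch_key = "mirabeau"            # key from the example command above
    authenticator = os.urandom(16)     # constructed Request Authenticator
    attr = hide_password(b"constructed-pass", switch_key.encode(), authenticator)
    print("key accepted by length rule:", valid_fastiron_key(switch_key))
    print("User-Password on the wire:  ", attr.hex())
    print("server with matching key:   ",
          recover_password(attr, b"mirabeau", authenticator))
    print("server with mismatched key: ",
          recover_password(attr, b"mirabeaX", authenticator))
```

Because the mask is derived from the key with MD5, the strength of this protection depends on the key itself; a long, random key within the 32-character limit is preferable to a short word.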


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03