beautypg.com

Setting the retransmission limit, Setting the timeout parameter, Setting radius over ipv6 – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 67: Setting authentication-method lists for radius

background image

NOTE
Encryption of the RADIUS keys is done by default and the default value is 2
( SIMPLE_ENCRYPTION_BASE64). The 0 parameter disables encryption. The 1 parameter is not
required; it is provided for backwards compatibility.

Setting the retransmission limit

The retransmit parameter specifies the maximum number of retransmission attempts. When an
authentication request times out, the Brocade software will retransmit the request up to the maximum
number of retransmissions configured. The default retransmit value is 3 retries. The range of retransmit
values is from 1 - 5.

To set the RADIUS retransmit limit, enter a command such as the following.

device(config)#radius-server retransmit 5

Syntax: tacacs-server retransmit number

Setting the timeout parameter

The timeout parameter specifies how many seconds the Brocade device waits for a response from the
RADIUS server before either retrying the authentication request, or determining that the RADIUS server
is unavailable and moving on to the next authentication method in the authentication-method list. The
timeout can be from 1 - 15 seconds. The default is 3 seconds.

device(config)#radius-server timeout 5

Syntax: radius-server timeout number

Setting RADIUS over IPv6

Brocade devices support the ability to send RADIUS packets over an IPv6 network.

To enable the Brocade device to send RADIUS packets over IPv6, enter a command such as the
following at the Global CONFIG level of the CLI.

device(config)#radius-server host ipv6 2001:DB8::300

Syntax: radius-server host ipv6 ipv6-host-address

The ipv6-host address is the IPv6 address of the RADIUS server. When you enter the IPv6 host
address, you do not need to specify the prefix length. A prefix length of 128 is implied.

Setting authentication-method lists for RADIUS

You can use RADIUS to authenticate Telnet/SSH access and access to Privileged EXEC level and
CONFIG levels of the CLI. When configuring RADIUS authentication, you create authentication-method
lists specifically for these access methods, specifying RADIUS as the primary authentication method.

Within the authentication-method list, RADIUS is specified as the primary authentication method and up
to six backup authentication methods are specified as alternates. If RADIUS authentication fails due to
an error, the device tries the backup authentication methods in the order they appear in the list.

Setting the retransmission limit

FastIron Ethernet Switch Security Configuration Guide

67

53-1003088-03

See also other documents in the category Brocade Computer Accessories: