beautypg.com

Configuring external server authentication, Remote server authentication overview, Login authentication mode – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Page 277

background image

Configuring External Server Authentication

Understanding and configuring remote server authentication.......................................277

Understanding and configuring RADIUS.......................................................................280

Understanding and configuring TACACS+ ...................................................................285

Understanding and configuring LDAP...........................................................................293

Understanding and configuring remote server authentication

Remote server authentication overview

Network OS supports various protocols to provide external Authentication, Authorization, and
Accounting (AAA) services for Brocade devices. Supported protocols include the following:

• RADIUS — Remote authentication dial-in user service
• LDAP/AD — Lightweight directory access protocol using Microsoft Active Directory (AD) in Windows
• TACACS+ — Terminal access controller access-control system plus

When configured to use a remote AAA service, the switch acts as a network access server client. The
switch sends all authentication, authorization, and accounting (AAA) service requests to the remote
RADIUS, LDAP, or TACACS+ server. The remote AAA server receives the request, validates the
request, and sends a response back to the switch.

The supported management access channels that integrate with RADIUS, TACACS+, or LDAP include
serial port, Telnet, or SSH.

When configured to use a remote RADIUS, TACACS+, or LDAP server for authentication, a switch
becomes a RADIUS, TACACS+, or LDAP client. In either of these configurations, authentication records
are stored in the remote host server database. Login and logout account name, assigned permissions,
and time-accounting records are also stored on the AAA server for each user.

Brocade recommends that you configure at least two remote AAA servers to provide redundancy in the
event of failure. For each of the supported AAA protocols, you can configure up to five external servers
on the switch. Each switch maintains its own server configuration.

Login authentication mode

The authentication mode is defined as the order in which AAA services are used on the switch for user
authentication during the login process. Network OS supports two sources of authentication: primary
and secondary. The secondary source of authentication is used in the event of primary source failover
and is optional for configuration. You can configure four possible sources for authentication:

• Local — Use the default switch-local database (default)
• RADIUS — Use an external RADIUS server
• LDAP — Use an external LDAP server
• TACACS+ — Use an external TACACS+ server

Network OS Administrator’s Guide

277

53-1003225-04

See also other documents in the category Brocade Computer Accessories: