
Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

Web interface login lockout . . . 26

Creating an encrypted all-numeric password . . . 26

Granting access by time of day . . . 26

Configuring SSL security for the Web Management Interface . . . 27

  Enabling the SSL server on a Brocade device . . . 27
  Importing digital certificates and RSA private key files . . . 28
  Generating an SSL certificate . . . 28

Configuring TACACS or TACACS+ security . . . 28

  How TACACS+ differs from TACACS . . . 29
  TACACS or TACACS+ authentication, authorization, and accounting . . . 29
  TACACS or TACACS+ configuration considerations . . . 33
  Enabling SNMP traps for TACACS . . . 34
  Identifying the TACACS or TACACS+ servers . . . 34
  Specifying different servers for individual AAA TACACS functions . . . 35
  Setting optional TACACS or TACACS+ parameters . . . 36
  Configuring authentication-method lists for TACACS or TACACS+ . . . 37
  Configuring TACACS+ authorization . . . 40
  Configuring TACACS+ accounting . . . 43
  Configuring an interface as the source for all TACACS or TACACS+ packets . . . 44
  Displaying TACACS or TACACS+ statistics and configuration information . . . 45
  Validating TACACS+ reply packets . . . 46

Configuring RADIUS security . . . 49

  RADIUS authentication, authorization, and accounting . . . 49
  RADIUS configuration considerations . . . 53
  RADIUS configuration procedure . . . 54
  Configuring Brocade-specific attributes on the RADIUS server . . . 55
  Enabling SNMP traps for RADIUS . . . 57
  Identifying the RADIUS server to the Brocade device . . . 57
  Specifying different servers for individual AAA functions . . . 57
  Radius health check . . . 58
  Setting RADIUS parameters . . . 59
  Configuring authentication-method lists for RADIUS . . . 60
  Configuring RADIUS authorization . . . 62
  Configuring RADIUS accounting . . . 64
  Configuring an interface as the source for all RADIUS packets . . . 65
  Configuring an IPv6 interface as the source for all RADIUS packets . . . 66
  Displaying RADIUS configuration information . . . 66

Configuring AAA on the console . . . 67