Configuring RADIUS security, RADIUS authentication – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

Configuring RADIUS security

You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the Brocade devices:

• Telnet access
• SSH access
• Web management access
• Access to the Privileged EXEC level and CONFIG levels of the CLI

NOTE

The Brocade devices do not support RADIUS security for SNMP (Brocade Network Advisor) access.

RADIUS authentication, authorization, and accounting

When RADIUS authentication is implemented, the Brocade device consults a RADIUS server to
verify usernames and passwords. Optionally, you can configure RADIUS authorization, in which the
Brocade device consults a list of commands supplied by the RADIUS server to determine whether a
user can execute a command that has been entered. You can also configure RADIUS accounting,
which causes the Brocade device to log information on a RADIUS accounting server when specified
events occur on the device.

NOTE

By default, a user logging into the device through Telnet or SSH first enters the User EXEC level. The
user can then enter the enable command to get to the Privileged EXEC level.

NOTE

A user who is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to “Entering privileged EXEC mode after a Telnet or SSH login”.

RADIUS authentication

The following events occur when RADIUS authentication takes place.

TABLE 9   Accounting reply validation

| Error warning message | Error condition |
|---|---|
| Warning: Invalid server msg length in TACACS+ accounting reply | The server message length specified is not within packet boundary |
| Warning: Invalid server msg in TACACS+ accounting reply | Invalid or null data found in server message |
| Warning: Invalid data length in TACACS+ accounting reply | The data length specified is not within packet boundary |
| Warning: Invalid TACACS+ accounting reply. packet total length mismatch | The total number of bytes parsed successfully from the received packet is not matching with data length specified in the packet |
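The four conditions in Table 9 correspond to bounds checks on the TACACS+ accounting REPLY body. The following is an added example, not Brocade code: it uses the body layout from RFC 8907 (server_msg_len, data_len, status, server_msg, data) and validates a body after de-obfuscation. The enum names, the order of the checks, the handling of a too-short body, and treating an embedded NUL byte as "null data" are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes, one per row of Table 9 (names are hypothetical). */
enum acct_reply_err {
    ACCT_OK = 0,
    ACCT_BAD_MSG_LEN,   /* server msg length not within packet boundary */
    ACCT_BAD_MSG,       /* invalid or null data in server message */
    ACCT_BAD_DATA_LEN,  /* data length not within packet boundary */
    ACCT_LEN_MISMATCH   /* bytes parsed != length of the received body */
};

#define ACCT_REPLY_FIXED 5u /* server_msg_len(2) + data_len(2) + status(1), RFC 8907 */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate an accounting REPLY body of `len` bytes before using any field. */
enum acct_reply_err validate_acct_reply(const uint8_t *body, size_t len)
{
    if (body == NULL || len < ACCT_REPLY_FIXED)
        return ACCT_LEN_MISMATCH;  /* assumption: too short for the fixed fields */

    size_t msg_len  = be16(body);
    size_t data_len = be16(body + 2);
    size_t room     = len - ACCT_REPLY_FIXED; /* bytes left for both variable fields */

    if (msg_len > room)
        return ACCT_BAD_MSG_LEN;
    for (size_t i = 0; i < msg_len; i++)      /* assumption: embedded NUL is "null data" */
        if (body[ACCT_REPLY_FIXED + i] == 0)
            return ACCT_BAD_MSG;
    if (data_len > room - msg_len)            /* compare against what is left after server_msg */
        return ACCT_BAD_DATA_LEN;
    if (ACCT_REPLY_FIXED + msg_len + data_len != len)
        return ACCT_LEN_MISMATCH;             /* trailing bytes the length fields do not cover */
    return ACCT_OK;
}

int main(void)
{
    /* Constructed sample: msg_len=2 ("ok"), data_len=0, status=0x01 (success). */
    const uint8_t good[] = { 0x00, 0x02, 0x00, 0x00, 0x01, 'o', 'k' };
    printf("good reply -> %d\n", validate_acct_reply(good, sizeof good));
    return 0;
}
```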