beautypg.com

Radius authorization, Radius accounting – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 69

background image

Multi-Service IronWare Security Configuration Guide

51

53-1003035-02

Configuring RADIUS security

1

Telnet - 08-25-2010 -- 11:20:18 This is the message of the day

Telnet - 08-25-2010 -- 11:20:18

Telnet - 08-25-2010 -- 11:20:18 User Access Verification

Telnet - 08-25-2010 -- 11:20:18

Telnet - 08-25-2010 -- 11:20:38 Please Enter Login Name: pbikram3

Telnet - 08-25-2010 -- 11:20:58 Please Enter Password:

Telnet - 08-25-2010 -- 11:21:01

Telnet - 08-25-2010 -- 11:21:06 Enter a new PIN having from 4 to 8 alphanumeric

characters:

Telnet - 08-25-2010 -- 11:21:07

Telnet - 08-25-2010 -- 11:21:10 Please re-enter new PIN:

Telnet - 08-25-2010 -- 11:21:12

Telnet - 08-25-2010 -- 11:21:12 PIN Accepted.

Telnet - 08-25-2010 -- 11:21:12 Wait for the token code to change,

Telnet - 08-25-2010 -- 11:21:36 then enter the new

passcode:+

Telnet - 08-25-2010 -- 11:21:38

Telnet - 08-25-2010 -- 11:21:38 User login successful.

Telnet - 08-25-2010 -- 11:21:38

Telnet - 08-25-2010 -- 11:21:55 Session Log End --10.20.179.55|Telnet -

08-25-2010 -- 11:21:55

RADIUS authorization

The following events occur when RADIUS authorization takes place.

1. A user previously authenticated by a RADIUS server enters a command on the Brocade device.

2. The Brocade device looks at its configuration to see if the command is at a privilege level that

requires RADIUS command authorization.

3. If the command belongs to a privilege level that requires authorization, the Brocade device

looks at the list of commands delivered to it in the RADIUS Access-Accept packet when the
user was authenticated. (Along with the command list, an attribute was sent that specifies
whether the user is permitted or denied usage of the commands in the list.)

NOTE

After RADIUS authentication takes place, the command list resides on the Brocade device. The
RADIUS server is not consulted again once the user has been authenticated. This means that
any changes made to the user’s command list on the RADIUS server are not reflected until the
next time the user is authenticated by the RADIUS server, and the new command list is sent to
the Brocade device.

4. If the command list indicates that the user is authorized to use the command, the command is

executed.

RADIUS accounting

The following steps explain the working of RADIUS accounting.

1. One of the following events occur on a Brocade device:

A user logs into the management interface using Telnet or SSH

A user enters a command for which accounting has been configured

See also other documents in the category Brocade Computer Accessories: