Radius configuration considerations – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53

53-1003035-02

Configuring RADIUS security

1

AAA security for commands pasted into the
running configuration

If AAA security is enabled on the device, commands pasted into the running configuration are
subject to the same AAA operations as if they were entered manually.

When you paste commands into the running configuration, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running
configuration. The server performing the AAA operations should be reachable when you paste the
commands into the running configuration file. If the device determines that a pasted command is
invalid, AAA operations are halted on the remaining commands. The remaining commands may not
be executed if command authorization is configured.

NOTE

Since RADIUS command authorization relies on a list of commands received from the RADIUS server
when authentication is performed, it is important that you use RADIUS authentication when you also
use RADIUS command authorization.

RADIUS configuration considerations

Consider the following for configuring the RADIUS server:

•

You must deploy at least one RADIUS server in your network.

•

The Brocade device supports authentication using up to eight RADIUS servers. The device tries
to use the servers in the order you add them to the device’s configuration. If one RADIUS
server is not responding, the device tries the next one in the list.

•

You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS as
the primary authentication method for Telnet CLI access, but you cannot also select TACACS+
authentication as the primary method for the same type of access. However, you can configure
backup authentication methods for each access type.

User enters the command:
[no] aaa accounting system default
start-stop method-list

Command authorization:
aaa authorization commands privilege-level default method-list

Command accounting:
aaa accounting commands privilege-level default start-stop
method-list
System accounting start:
aaa accounting system default start-stop method-list

User enters other commands

Command authorization:
aaa authorization commands privilege-level default method-list

Command accounting:
aaa accounting commands privilege-level default start-stop
method-list

User action

Applicable AAA operations