Configuring Brocade-specific attributes on the RADIUS server. Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00), User Manual

Multi-Service IronWare Security Configuration Guide, 53-1003035-02

Configuring RADIUS security

Configuring Brocade-specific attributes on the RADIUS server

During the RADIUS authentication process, if a user supplies a valid username and password, the
RADIUS server sends an Access-Accept packet to the Brocade device, authenticating the user. Within the
Access-Accept packet, the RADIUS server can include a Vendor-Specific attribute whose value
tells the Brocade device about the runtime environment for this session (privilege level, command
authorization and so on). The value of Brocade's Vendor ID is 1991. This section details all the
vendor-specific attributes defined by Brocade.
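The following Python is an added example, not code from the guide or from Brocade: it builds and parses the RADIUS Vendor-Specific attribute (type 26, RFC 2865 section 5.26) that carries the four Brocade sub-attributes listed in Table 10 under Vendor-Id 1991. It assumes one sub-attribute per Vendor-Specific attribute (the common server behaviour, and one that stays inside the 255-byte attribute limit), 4-byte big-endian integers and ASCII strings; the sample Access-Accept contents at the end are constructed, not captured from a real server. The decoder rejects malformed lengths instead of trusting them, which is the check a device or a test harness parsing these attributes should make.

```python
"""Build and parse RADIUS Vendor-Specific attributes (RFC 2865 section 5.26)
carrying the Brocade VSAs from Table 10 (Vendor-Id 1991). Added example."""
import struct

BROCADE_VENDOR_ID = 1991   # Brocade's Vendor ID from the guide
VSA_TYPE = 26              # RADIUS attribute type "Vendor-Specific"

# Attribute ID -> (name, data type), exactly as listed in Table 10.
BROCADE_VSAS = {
    1: ("brocade-privilege-level", "integer"),
    2: ("foundry-command-string", "string"),
    3: ("foundry-command-exception-flag", "integer"),
    4: ("foundry-INM-privilege", "integer"),
}
NAME_TO_ID = {name: vid for vid, (name, _) in BROCADE_VSAS.items()}


def encode_brocade_vsa(name, value):
    """Return one RADIUS attribute (type 26) carrying a single Brocade sub-attribute.

    Layout: Type(1) Length(1) Vendor-Id(4) Vendor-Type(1) Vendor-Length(1) value.
    Both length fields count their own header bytes."""
    vendor_type = NAME_TO_ID[name]
    data_type = BROCADE_VSAS[vendor_type][1]
    if data_type == "integer":
        payload = struct.pack("!I", int(value))        # 4-byte big-endian (assumed)
    else:
        payload = str(value).encode("ascii")           # ASCII string (assumed)
    sub = struct.pack("!BB", vendor_type, 2 + len(payload)) + payload
    body = struct.pack("!I", BROCADE_VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("attribute exceeds the 255-byte RADIUS attribute limit")
    return struct.pack("!BB", VSA_TYPE, 2 + len(body)) + body


def decode_vsas(attributes):
    """Walk a byte string of RADIUS attributes and return {name: value} for Brocade VSAs.

    Other vendors and unknown sub-attribute IDs are skipped; a bad length
    raises ValueError rather than being silently accepted."""
    result = {}
    pos = 0
    while pos < len(attributes):
        if pos + 2 > len(attributes):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("bad attribute length")
        if attr_type == VSA_TYPE and attr_len >= 6:
            vendor_id = struct.unpack("!I", attributes[pos + 2:pos + 6])[0]
            if vendor_id == BROCADE_VENDOR_ID:
                body = attributes[pos + 6:pos + attr_len]
                i = 0
                while i < len(body):      # a VSA may carry several sub-attributes
                    if i + 2 > len(body):
                        raise ValueError("truncated vendor sub-attribute")
                    vtype, vlen = body[i], body[i + 1]
                    if vlen < 2 or i + vlen > len(body):
                        raise ValueError("bad vendor sub-attribute length")
                    raw = body[i + 2:i + vlen]
                    if vtype in BROCADE_VSAS:
                        name, data_type = BROCADE_VSAS[vtype]
                        if data_type == "integer":
                            if len(raw) != 4:
                                raise ValueError(f"{name}: integer value must be 4 bytes")
                            result[name] = struct.unpack("!I", raw)[0]
                        else:
                            result[name] = raw.decode("ascii", errors="replace")
                    i += vlen
        pos += attr_len
    return result


def example_access_accept_attributes():
    """Constructed sample: the VSAs a server would return for a read-only
    operator who may run only show commands (privilege 5, permit-listed)."""
    return b"".join([
        encode_brocade_vsa("brocade-privilege-level", 5),
        encode_brocade_vsa("foundry-command-string", "show *"),
        encode_brocade_vsa("foundry-command-exception-flag", 0),
    ])


if __name__ == "__main__":
    raw = example_access_accept_attributes()
    print(raw.hex())
    print(decode_vsas(raw))
```

On a RADIUS server the same four attributes are declared in a vendor dictionary under vendor number 1991 with the IDs and data types from Table 10; the encoder above produces the bytes such a dictionary entry describes, so it can be used to check captured Access-Accept packets against the policy you intended to configure.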

TABLE 10 Vendor-specific attributes for RADIUS

| Attribute name | Attribute ID | Data type | Description |
|---|---|---|---|
| brocade-privilege-level | 1 | integer | Specifies the privilege level for the user. This attribute can be set to one of the following: 0 (Super User level: allows complete read-and-write access to the system; this is generally for system administrators and is the only management privilege level that allows you to configure passwords); 4 (Port Configuration level: allows read-and-write access for specific ports but not for global, system-wide parameters); 5 (Read Only level: allows access to the Privileged EXEC mode and CONFIG mode of the CLI, but only with read access). |
| foundry-command-string | 2 | string | Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured. The commands are delimited by semicolons (;). You can specify an asterisk (*) as a wildcard at the end of a command string. For example, the command list `show *; debug ip *; write term*` specifies all show and debug ip commands, as well as the write terminal command. |
| foundry-command-exception-flag | 3 | integer | Specifies whether the commands indicated by the brocade-command-string attribute are permitted or denied to the user. This attribute can be set to one of the following: 0 (permit execution of the commands indicated by brocade-command-string, deny all other commands); 1 (deny execution of the commands indicated by brocade-command-string, permit all other commands). |
| foundry-INM-privilege | 4 | integer | Specifies the Brocade Network Advisor user privilege level. This attribute can take a value in the range 0 to 15. In Brocade Network Advisor, this value is mapped to the preconfigured roles "AAA privilege level 0" through "AAA privilege level 15". The admin user has to configure these roles with the appropriate sets of privileges in order for the AAA user to get the correct set of feature access. |
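The following Python is an added example, not code from the guide or from Brocade, showing how the two command-authorization attributes in Table 10 (foundry-command-string, ID 2, and foundry-command-exception-flag, ID 3) combine into a permit or deny decision for a given CLI command. It assumes the literal reading of the table: entries are split on semicolons, a trailing asterisk matches any remainder so the text before it is a literal prefix (so `write term*` covers `write terminal`), entries without an asterisk must match exactly, and whitespace and case differences are ignored. Unknown flag values are rejected rather than treated as permit, which is the safer default when reviewing a policy. The sample command list is the one from the table.

```python
"""Evaluate CLI command authorization from the Brocade VSAs
foundry-command-string (ID 2) and foundry-command-exception-flag (ID 3). Added example."""
import re

PERMIT_LISTED = 0  # flag 0: permit the listed commands, deny all others
DENY_LISTED = 1    # flag 1: deny the listed commands, permit all others

# Sample policy, taken from the example in Table 10.
SAMPLE_COMMAND_STRING = "show *; debug ip *; write term*"


def normalize(text):
    """Collapse whitespace and lower-case so spacing differences do not matter (assumed)."""
    return re.sub(r"\s+", " ", text).strip().lower()


def parse_command_list(command_string):
    """Split the semicolon-delimited list into (prefix, is_wildcard) pairs.

    A trailing '*' is the only wildcard; the text before it is kept verbatim
    (including a trailing space, as in 'show *') and matched as a literal prefix."""
    patterns = []
    for item in command_string.split(";"):
        item = normalize(item)
        if not item:
            continue  # tolerate a trailing ';' or doubled delimiters
        if item.endswith("*"):
            patterns.append((item[:-1], True))
        else:
            patterns.append((item, False))
    return patterns


def is_listed(command, patterns):
    """True if the command matches any entry of the parsed command list."""
    cmd = normalize(command)
    return any(cmd.startswith(prefix) if wildcard else cmd == prefix
               for prefix, wildcard in patterns)


def authorize(command, command_string, exception_flag):
    """Return True when the command is permitted under the two VSAs.

    Flag 0 permits only listed commands; flag 1 permits everything except
    listed commands. Any other flag value is an error, not an implicit permit."""
    listed = is_listed(command, parse_command_list(command_string))
    if exception_flag == PERMIT_LISTED:
        return listed
    if exception_flag == DENY_LISTED:
        return not listed
    raise ValueError(f"unsupported foundry-command-exception-flag: {exception_flag}")


def evaluate(commands, command_string, exception_flag):
    """Map each command to its permit/deny decision, for reviewing a policy as a whole."""
    return {c: authorize(c, command_string, exception_flag) for c in commands}


if __name__ == "__main__":
    review = evaluate(["show running-config", "debug ip packet", "write terminal",
                       "configure terminal", "debug ethernet"],
                      SAMPLE_COMMAND_STRING, PERMIT_LISTED)
    for cmd, ok in review.items():
        print(f"{'PERMIT' if ok else 'DENY  '} {cmd}")
```

Running a planned command list through `evaluate` with both flag values before pushing it to the RADIUS server shows exactly which commands each setting lets through; with flag 0 the list above is an allow-list and everything not matching it (here `configure terminal` and `debug ethernet`) is denied, while flag 1 turns the same list into a deny-list.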