
Radius health check – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring RADIUS security


The acct-port number parameter specifies what port to use for RADIUS accounting. The default is
1813.

Enter accounting-only if the server is used only for accounting. Enter authentication-only if the
server is used only for authentication. Entering the default parameter causes the server to be used
for all AAA RADIUS functions.

NOTE

To specify which RADIUS functions the server supports, you must first enter the authentication port
and accounting port parameters.

After authentication takes place, the server that performed the authentication is used for
authorization, accounting, or both. If the authenticating server cannot perform the requested
function, then the next server in the configured list of servers is tried; this process repeats until
either a server that can perform the requested function is found, or every server in the configured
list has been tried.

The health-check parameter applies to the RADIUS instance configuration. It enables or disables the
health check for this instance. If the parameter is omitted, the default of health-check is enabled.

Enter key and configure a key for the server if an authentication key is to be used. By default, the key is
encrypted. If you want the key to be in clear text, insert a 0 between key and string.

Brocade(config)# radius-server host 10.2.3.4 authentication-only key 0 abc

The software adds a prefix to the authentication key in the configuration. For example, the prefix
“2” is added to the key string in the example below.

radius-server host 10.2.3.6 auth-port 1812 acct-port 1813 default key 2 $D?@d=8

The prefix can be one of the following:

0 = the key string is not encrypted and is in clear text

1 = the key string uses a proprietary simple cryptographic 2-way algorithm (only for Brocade
NetIron CES and Brocade NetIron CER)

2 = the key string uses a proprietary base64 cryptographic 2-way algorithm (only for Brocade
NetIron XMR and Brocade MLX series)
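
The following Python script is an added example, not part of the Brocade guide: it audits saved configuration text for the key prefixes listed above, so that clear-text and two-way-encoded RADIUS keys are flagged during a configuration review. The function names, the severity labels and the host 10.2.3.5 are assumptions of this example; the sample lines are constructed from the command forms shown on this page.

```python
import re

# Prefix meanings as listed in the guide; the severities are this example's assumption.
KEY_PREFIX = {"0": ("high", "key stored in clear text"),
              "1": ("medium", "proprietary simple 2-way algorithm (reversible)"),
              "2": ("medium", "proprietary base64 2-way algorithm (reversible)")}

def parse_radius_host(line):
    """Parse one 'radius-server host' line into a dict, or return None."""
    tok = re.sub(r"^\S+\(config\)#\s*", "", line.strip()).split()  # drop CLI prompt
    if len(tok) < 3 or tok[:2] != ["radius-server", "host"]:
        return None
    entry = {"host": tok[2], "auth_port": None, "acct_port": 1813,  # documented default
             "role": "default", "has_key": False, "key_prefix": None}
    i = 3
    while i < len(tok):
        if tok[i] in ("auth-port", "acct-port") and i + 1 < len(tok):
            entry[tok[i].replace("-", "_")] = int(tok[i + 1])
            i += 1  # skip the port number
        elif tok[i] in ("authentication-only", "accounting-only", "default"):
            entry["role"] = tok[i]
        elif tok[i] == "key":
            rest = tok[i + 1:]
            entry["has_key"] = bool(rest)
            if len(rest) >= 2 and rest[0] in KEY_PREFIX:
                entry["key_prefix"] = rest[0]
            break  # the key string itself is never stored or echoed
        i += 1
    return entry

def audit(config_text):
    """Return (host, severity, message) for each radius-server host line."""
    findings = []
    for e in filter(None, map(parse_radius_host, config_text.splitlines())):
        if e["key_prefix"]:
            findings.append((e["host"], *KEY_PREFIX[e["key_prefix"]]))
        else:
            note = "key has no recognised prefix" if e["has_key"] else "no key on this line"
            findings.append((e["host"], "info", note))
    return findings

# Constructed sample built from the command forms shown in the guide.
SAMPLE = """Brocade(config)# radius-server host 10.2.3.4 authentication-only key 0 abc
radius-server host 10.2.3.6 auth-port 1812 acct-port 1813 default key 2 $D?@d=8
radius-server host 10.2.3.5 auth-port 1812 acct-port 1813
aaa authentication login default radius local"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because prefixes 1 and 2 denote 2-way algorithms, configuration files and backups containing them should be handled as if they held the key itself.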

Radius health check

RADIUS health check proactively polls the RADIUS server and checks for the radius-server
availability. If the checks fail, RADIUS health check marks the status of the radius-server as not
available. This feature is disabled by default.

To create an authentication-method list that specifies RADIUS as the primary authentication
method for securing Telnet or SSH access to the CLI, enter the following commands.

Brocade(config)# radius-server host 10.2.3.4 auth-port 1812 acct-port 1813

Brocade(config)# enable telnet authentication

Brocade(config)# aaa authentication login default radius local