beautypg.com

Configuring authentication-method lists for radius, Configuring authentication-method lists for, Radius – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 78: Setting the radius key, Setting the retransmission limit, Setting the timeout parameter

background image

60

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring RADIUS security

1

Setting the RADIUS key

The key parameter in the radius-server command is used to encrypt RADIUS packets before they
are sent over the network. The value for the key parameter on the Brocade device should match the
one configured on the RADIUS server. The key length can be from 1 – 64 characters and cannot
include any space characters.

To specify a RADIUS server key, enter a command such as the following.

Brocade(config)# radius-server key mirabeau

Syntax: [no] radius-server key [0 | 1] string

When you display the configuration of the Brocade device, the RADIUS key is encrypted.

Example

Brocade(config)# radius-server key 1 abc

Brocade(config)# write terminal

...

radius-server host 10.2.3.5

radius key 1 $!2d

NOTE

Encryption of the RADIUS keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.

Setting the retransmission limit

The retransmit parameter specifies the maximum number of retransmission attempts. When an
authentication request times out, the software will retransmit the request up to the maximum
number of retransmissions configured. The default retransmit value is 3 retries. The range of
retransmit values is from 1 – 5.

To set the RADIUS retransmit limit, enter a command such as the following.

Brocade(config)# radius-server retransmit 5

Syntax: [no] radius-server retransmit number

Setting the timeout parameter

The timeout parameter specifies how many seconds the Brocade device waits for a response from
the RADIUS server before either retrying the authentication request, or determining that the
RADIUS server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.

Brocade(config)# radius-server timeout 5

Syntax: [no] radius-server timeout number

Configuring authentication-method lists for RADIUS

You can use RADIUS to authenticate Telnet or SSH access and access to Privileged EXEC level and
CONFIG levels of the CLI. When configuring RADIUS authentication, you create
authentication-method lists specifically for these access methods, specifying RADIUS as the
primary authentication method.

See also other documents in the category Brocade Computer Accessories: