Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Configuring RADIUS security
Syntax: [no] aaa accounting system default start-stop radius | tacacs+ | none
Configuring an interface as the source for all RADIUS packets
You can designate the lowest-numbered IP address configured on an Ethernet port, loopback
interface, or virtual interface as the source IP address for all RADIUS packets from the Brocade
device. Identifying a single source IP address for RADIUS packets provides the following benefits:
• If your RADIUS server is configured to accept packets only from specific links or IP addresses,
  you can use this feature to simplify configuration of the RADIUS server by configuring the
  Brocade device to always send the RADIUS packets from the same link or source address.
• If you specify a loopback interface as the single source for RADIUS packets, RADIUS servers
  can receive the packets regardless of the states of individual links. Thus, if a link to the RADIUS
  server becomes unavailable but the client or server can be reached through another link, the
  client or server still receives the packets, and the packets still have the source IP address of
  the loopback interface.
The software contains separate CLI commands for specifying the source interface for Telnet,
TACACS or TACACS+, and RADIUS packets. You can configure a source interface for one or more of
these types of packets.
To specify an Ethernet port, loopback interface, or virtual interface as the source for all RADIUS
packets from the device, use the following CLI method. The software uses the lowest-numbered IP
address configured on the port or interface as the source IP address for RADIUS packets originated
by the device.
To specify the lowest-numbered IP address configured on a virtual interface as the device’s source
for all RADIUS packets, enter commands such as the following.
Brocade(config)# int ve 1
Brocade(config-vif-1)# ip address 10.0.0.3/24
Brocade(config-vif-1)# exit
Brocade(config)# ip radius source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the
interface, then designate the interface as the source for all RADIUS packets from the Brocade
device.
Syntax: [no] ip radius source-interface ethernet portnum | loopback num | ve num
The num parameter is a loopback interface or virtual interface number. If you specify an Ethernet
port, the portnum is the port’s number (including the slot number, if you are configuring a device).
NOTE
The NAS-IP-ADDR attribute is added to the RADIUS Access-Request when the ip radius
source-interface command is configured or when the Access-Request is for an IPv4 RADIUS server.
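Added example (not from the Brocade manual): a server-side check, in Python, that a received Access-Request arrives from the configured source address 10.0.0.3 and carries a matching NAS-IP-Address attribute (RFC 2865 type 4). The function names, the constructed sample packet, and the assumption that the attribute value equals the source-interface address are illustrative; the manual states only that the attribute is added.

```python
import ipaddress
import struct

ACCESS_REQUEST = 1   # RADIUS packet code (RFC 2865)
NAS_IP_ADDRESS = 4   # attribute type carrying a 4-byte IPv4 address

def parse_attributes(packet: bytes) -> list[tuple[int, bytes]]:
    """Return (type, value) pairs, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def check_request(packet: bytes, udp_src: str, allowed: set[str]) -> str:
    """Classify an Access-Request by UDP source and NAS-IP-Address."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_REQUEST:
        return "not-access-request"
    if udp_src not in allowed:
        return "unknown-source"
    nas = [v for t, v in attrs if t == NAS_IP_ADDRESS and len(v) == 4]
    if not nas:
        return "no-nas-ip"
    # Assumption: the device reports its source-interface address here.
    nas_ip = str(ipaddress.IPv4Address(nas[0]))
    return "ok" if nas_ip == udp_src else "mismatch:" + nas_ip

def build_sample(nas_ip: str) -> bytes:
    """Constructed Access-Request: User-Name 'admin' plus NAS-IP-Address."""
    user = b"admin"
    attrs = bytes([1, 2 + len(user)]) + user
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    header = struct.pack("!BBH", ACCESS_REQUEST, 7, 20 + len(attrs))
    return header + bytes(16) + attrs  # all-zero authenticator, constructed

if __name__ == "__main__":
    pkt = build_sample("10.0.0.3")
    print(check_request(pkt, "10.0.0.3", {"10.0.0.3"}))
```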