beautypg.com

Identifying the radius server to the device, Configuring a radius server per port, Specifying different – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 140: Servers for individual aaa functions, Configuring a radius, Server per port

background image

106

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring RADIUS security

Identifying the RADIUS server to the device

To use a RADIUS server to authenticate access to a device, you must identify the server to the
device.

Example

TurboIron(config)#radius-server host 10.157.22.99

Syntax: radius-server host | | [auth-port ]

[acct-port ]

The host | | parameter is either an IP address or an ASCII
text string.

The parameter is the Authentication port number. The default is 1645.

The parameter is the Accounting port number. The default is 1646.

Specifying different servers for individual AAA functions

In a RADIUS configuration, you can designate a server to handle a specific AAA task. For example,
you can designate one RADIUS server to handle authorization and another RADIUS server to
handle accounting. You can specify individual servers for authentication and accounting, but not
for authorization. You can set the RADIUS key for each server.

To specify different RADIUS servers for authentication, authorization, and accounting, enter
commands such as the following.

TurboIron(config)#radius-server host 10.2.3.4 auth-port 1645 acct-port 1646

authentication-only key abc

TurboIron(config)#radius-server host 10.2.3.6 auth-port 1645 acct-port 1646

accounting-only key ghi

Syntax: radius-server host | | [auth-port ]

[acct-port ] [authentication-only | accounting-only | default] [key 0 | 1
]

The default parameter causes the server to be used for all AAA functions.

After authentication takes place, the server that performed the authentication is used for
authorization and accounting. If the authenticating server cannot perform the requested function,
then the next server in the configured list of servers is tried; this process repeats until a server that
can perform the requested function is found, or every server in the configured list has been tried.

Configuring a RADIUS server per port

You can optionally configure a RADIUS server per port, indicating that it will be used only to
authenticate users on ports to which it is mapped. A RADIUS server that is not explicitly configured
as a RADIUS server per port is a global server, and can be used to authenticate users on ports to
which no RADIUS servers are mapped.

Configuration notes

This feature works with 802.1X and multi-device port authentication only.

As in previous releases, yYou can define up to eight RADIUS servers per device.

See also other documents in the category Brocade Computer Accessories: