Mapping a radius server to individual ports, Mapping a radius server, To individual ports – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 141: Configuration example and command syntax

background image

Brocade TurboIron 24X Series Configuration Guide

107

53-1003053-01

Configuring RADIUS security

Configuration example and command syntax

The following shows an example configuration.

TurboIron(config)#radius-server host 10.10.10.103 auth-port 1812 acct-port 1813

default key mykeyword dot1x port-only

TurboIron(config)#radius-server host 10.10.10.104 auth-port 1812 acct-port 1813

default key mykeyword dot1x port-only

TurboIron(config)#radius-server host 10.10.10.105 auth-port 1812 acct-port 1813

default key mykeyword dot1x

TurboIron(config)#radius-server host 10.10.10.106 auth-port 1812 acct-port 1813

default key mykeyword dot1x

The above configuration has the following affect:

RADIUS servers 10.10.10.103 and 10.10.10.104 will be used only to authenticate users on
ports to which the servers are mapped. To map a RADIUS server to a port, refer to

“Mapping a

RADIUS server to individual ports”

on page 107.

RADIUS servers 10.10.10.105 and 10.10.10.106 will be used to authenticate users on ports to
which no RADIUS servers are mapped. For example, port e 9, to which no RADIUS servers are
mapped, will send a RADIUS request to the first configured RADIUS server, 10.10.10.105. If
the request fails, it will go to the second configured RADIUS server, 10.10.10.106. It will not
send requests to 10.10.10.103 or 10.10.10.104, since these servers are configured as port
servers.

Syntax: radius-server host | [auth-port ] [acct-port

] [default key dot1x] [port-only]

The host is the IPv4 address.

The auth-port parameter is the Authentication port number; it is an optional parameter.
The default is 1645.

The acct-port parameter is the Accounting port number; it is an optional parameter. The
default is 1646.

The default key dot1x parameter indicates that this RADIUS server supports the 802.1X
standard. A RADIUS server that supports the 802.1X standard can also be used to authenticate
non-802.1X authentication requests.

The port-only parameter is optional and specifies that the server will be used only to authenticate
users on ports to which it is mapped.

Mapping a RADIUS server to individual ports

You can map up to eight RADIUS servers to each port on the device. The port will authenticate
users using only the RADIUS servers to which the port is mapped. If there are no RADIUS servers
mapped to a port, it will use the “global” servers for authentication.

As in previous releases, a port goes through the list of servers in the order in which it was mapped
or configured, until a server that can perform the requested function is found, or until every server
in the list has been tried.

Configuration notes

This feature works with 802.1X and multic-device port authentication only.

You can map a RADIUS server to a physical port only. You cannot map a RADIUS server to a VE.

See also other documents in the category Brocade Computer Accessories: