
Brocade TurboIron 24X Series Configuration Guide User Manual


53-1003053-01

Configuring TACACS/TACACS+ security . . . . . . . . . . . . . . . . . . . . . . .84

How TACACS+ differs from TACACS. . . . . . . . . . . . . . . . . . . . . . .85
TACACS/TACACS+ authentication, authorization, and accounting . . . . . . . .85
TACACS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
TACACS/TACACS+ configuration considerations . . . . . . . . . . . .89
Enabling TACACS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Identifying the TACACS/TACACS+ servers. . . . . . . . . . . . . . . . . .90
Specifying different servers for individual AAA functions . . . . .90
Setting optional TACACS/TACACS+ parameters . . . . . . . . . . . . . 91
Configuring authentication-method lists for TACACS/TACACS+ 92
Configuring TACACS+ authorization . . . . . . . . . . . . . . . . . . . . . . 94
Configuring TACACS+ accounting . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring an interface as the source for all TACACS/TACACS+ packets . . . . . . . .98
Displaying TACACS/TACACS+ statistics and configuration information . . . . . . . .99

Configuring RADIUS security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

RADIUS authentication, authorization, and accounting . . . . .100
RADIUS configuration considerations. . . . . . . . . . . . . . . . . . . .103
RADIUS configuration procedure . . . . . . . . . . . . . . . . . . . . . . .104
Configuring Brocade-specific attributes on the RADIUS server . . .104
Enabling SNMP to configure RADIUS . . . . . . . . . . . . . . . . . . . .105
Identifying the RADIUS server to the device. . . . . . . . . . . . . . .106
Specifying different servers for individual AAA functions . . . .106
Configuring a RADIUS server per port . . . . . . . . . . . . . . . . . . .106
Mapping a RADIUS server to individual ports . . . . . . . . . . . . .107
Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Configuring authentication-method lists for RADIUS. . . . . . . .109
Configuring RADIUS authorization . . . . . . . . . . . . . . . . . . . . . .111
Configuring RADIUS accounting . . . . . . . . . . . . . . . . . . . . . . . .113
Configuring an interface as the source for all RADIUS packets . . . . . . . .114
Displaying RADIUS configuration information . . . . . . . . . . . . .114

Configuring authentication-method lists . . . . . . . . . . . . . . . . . . . . .115

Configuration considerations for authentication-method lists . . .116
Examples of authentication-method lists. . . . . . . . . . . . . . . . .117

Chapter 6

Configuring SSH2 and SCP

SSH version 2 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Tested SSH2 clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
Supported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
Unsupported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

AES encryption for SSH2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

Configuring SSH2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

Recreating SSH keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Generating a host key pair . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Configuring DSA challenge-response authentication . . . . . . .123