Defining the radius configuration, Proxy to external radius server, Ldap – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

406

Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Configuring the RADIUS Server

Proxy to external RADIUS Server

Proxy realms are configured on the switch. Each realm holds the details of the external RADIUS
server to which that realm's users are to be proxied. The user ID received is parsed against the
formats user@realm, realm/user, user%realm and user/realm to determine which proxy RADIUS
server is to be used.

LDAP

An external data source based on LDAP can be used to authorize users. The RADIUS server looks
for user credentials in the configured external LDAP server and authorizes users. The switch
supports two LDAP server configurations.

Accounting

Accounting should be initiated by the RADIUS client. Once the Local/Onboard RADIUS server is
started, it listens for both authentication and accounting records.

Using the switch’s RADIUS Server versus an External RADIUS

The switch ships with a default configuration defining the local RADIUS Server as the primary
authentication source (default users are admin with superuser privileges and operator with monitor
privileges). No secondary authentication source is specified. However, Brocade recommends using
an external RADIUS Server as the primary authentication source and the local switch RADIUS
Server as the secondary user authentication source. For information on configuring an external
RADIUS Server, see “Configuring external RADIUS Server support” on page 117. For instructions on
how to configure the switch’s local RADIUS Server, see “Defining the RADIUS configuration” on
page 406.

If an external RADIUS server is configured as the switch’s primary user authentication source and
the switch’s local RADIUS Server is defined as an alternate method, the switch first tries to
authenticate users using the external RADIUS Server. If an external RADIUS Server is unreachable,
the switch reverts to the local Server’s user database to authenticate users. However, if the
external RADIUS server is reachable but rejects the user or if the user is not found in the external
Server’s database, the switch will not revert to the local RADIUS Server and the authentication
attempt fails.

If the switch’s local RADIUS Server is configured as the primary authentication method and an
external RADIUS Server is configured as an alternate method, the alternate external RADIUS Server
will not be used as an authentication source if a user does not exist in the local Server’s database,
since the primary method has rejected the authentication attempt.
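
The fallback rule described in the two paragraphs above, modelled as an added example (this is not code from the Brocade guide or the switch software). The source names, the sample users and passwords, and the fail-closed result when no source answers are assumptions made for the illustration.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered: unknown user or bad password
    UNREACHABLE = "unreachable"  # server gave no answer

def make_source(name, users, reachable=True):
    """Constructed stand-in for a RADIUS server: users is a dict of user -> password."""
    def check(user, password):
        if not reachable:
            return Result.UNREACHABLE
        ok = user in users and users[user] == password
        return Result.ACCEPT if ok else Result.REJECT
    check.source_name = name
    return check

def authenticate(user, password, primary, alternate=None):
    """Return (result, trail); trail records each source consulted and its answer."""
    trail = []
    for source in (primary, alternate):
        if source is None:
            continue
        answer = source(user, password)
        trail.append((source.source_name, answer))
        if answer is not Result.UNREACHABLE:
            return answer, trail  # an explicit accept or reject is final
    # Assumption: with no source reachable, the attempt fails closed.
    return Result.REJECT, trail

# Constructed sample user databases; names and passwords are placeholders.
LOCAL_USERS = {"admin": "local-pw"}
EXTERNAL_USERS = {"alice": "ext-pw"}

if __name__ == "__main__":
    local = make_source("local", LOCAL_USERS)
    ext_up = make_source("external", EXTERNAL_USERS)
    ext_down = make_source("external", EXTERNAL_USERS, reachable=False)
    cases = [
        ("external down, local alternate", "admin", "local-pw", ext_down, local),
        ("external up rejects, local alternate", "admin", "local-pw", ext_up, local),
        ("local primary, external alternate", "alice", "ext-pw", local, ext_up),
    ]
    for label, user, pw, primary, alternate in cases:
        result, trail = authenticate(user, pw, primary, alternate)
        consulted = [name for name, _ in trail]
        print(f"{label}: {result.value}, consulted {consulted}")
```

The trail shows the practical consequence: the alternate source is consulted only when the primary gives no answer, never after the primary has rejected the user.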

Defining the RADIUS configuration

To configure RADIUS support on the switch:

1. Select Security > RADIUS Server from the main menu.

2. Ensure the Configuration tab is selected.