
Configuring radius security, Configuring radius, Security – Brocade BigIron RX Series Configuration Guide User Manual

Page 169: Radius authentication


BigIron RX Series Configuration Guide


53-1002484-04

Configuring RADIUS security

You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the device:

• Telnet access

• SSH access

• Web management access

• Access to the Privileged EXEC level and CONFIG levels of the CLI

NOTE

The BigIron RX does not support RADIUS security for SNMP (Brocade Network Advisor) access.

RADIUS authentication, authorization, and accounting

When RADIUS authentication is implemented, the BigIron RX consults a RADIUS server to verify
user names and passwords. You can optionally configure RADIUS authorization, in which the
BigIron RX consults a list of commands supplied by the RADIUS server to determine whether a user
can execute a command he or she has entered, as well as accounting, which causes the device to
log information on a RADIUS accounting server when specified events occur on the device.

NOTE

By default, a user logging into the device through Telnet or SSH first enters the User EXEC level. The
user can then enter the enable command to get to the Privileged EXEC level.

A user that is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to “Entering privileged EXEC mode after a Telnet or SSH login” on page 99.

RADIUS authentication

When RADIUS authentication takes place, the following events occur.

1. A user attempts to gain access to the BigIron RX by doing one of the following:

   • Logging into the device using Telnet, SSH, or the Web management interface

   • Entering the Privileged EXEC level or CONFIG level of the CLI

2. The user is prompted for a username and password.

3. The user enters a username and password.

4. The BigIron RX sends a RADIUS Access-Request packet containing the username and
   password to the RADIUS server.

5. The RADIUS server validates the BigIron RX using a shared secret (the RADIUS key).

6. The RADIUS server looks up the username in its database.

7. If the username is found in the database, the RADIUS server validates the password.

8. If the password is valid, the RADIUS server sends an Access-Accept packet to the BigIron RX,
   authenticating the user. Within the Access-Accept packet are three Brocade vendor-specific
   attributes that indicate:

   • The privilege level of the user