beautypg.com

Radius configuration considerations, Radius configuration procedure – Brocade BigIron RX Series Configuration Guide User Manual

Page 172

background image

94

BigIron RX Series Configuration Guide

53-1002484-04

Configuring RADIUS security

3

AAA security for commands pasted into the running configuration

If AAA security is enabled on the device, commands pasted into the running configuration are
subject to the same AAA operations as if they were entered manually.

When you paste commands into the running configuration, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running
configuration. The server performing the AAA operations should be reachable when you paste the
commands into the running configuration file. If the device determines that a pasted command is
invalid, AAA operations are halted on the remaining commands. The remaining commands may not
be executed if command authorization is configured.

NOTE

Since RADIUS command authorization relies on a list of commands received from the RADIUS server
when authentication is performed, it is important that you use RADIUS authentication when you also
use RADIUS command authorization.

RADIUS configuration considerations

Consider the following to configure RADIUS:

You must deploy at least one RADIUS server in your network.

The device supports authentication using up to eight RADIUS servers. The device tries to use
the servers in the order you add them to the device’s configuration. If one RADIUS server is not
responding, the Brocade device tries the next one in the list.

You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS
as the primary authentication method for Telnet CLI access, but you cannot also select
TACACS+ authentication as the primary method for the same type of access. However, you can
configure backup authentication methods for each access type.

RADIUS configuration procedure

Use the following procedure to configure a BigIron RX for RADIUS.

1. Configure Brocade vendor-specific attributes on the RADIUS server. Refer to

“Configuring

Brocade-specific attributes on the RADIUS server”

on page 95.

2. Identify the RADIUS server to the BigIron RX. Refer to

“Identifying the RADIUS server to the

BigIron RX”

on page 96.

3. Set RADIUS parameters. Refer to

“Setting RADIUS parameters”

on page 97.

4. Configure authentication-method lists. Refer to

“Configuring authentication-method lists for

RADIUS”

on page 98.

5. Optionally configure RADIUS authorization. Refer to

“Configuring RADIUS authorization”

on

page 99.

6. Optionally configure RADIUS accounting.

“Configuring RADIUS accounting”

on page 101.

See also other documents in the category Brocade Computer Accessories: