Configuring Brocade-specific attributes on the RADIUS server – Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide
95
53-1002484-04
Configuring RADIUS security
3
Configuring Brocade-specific attributes on the RADIUS server

NOTE: For the BigIron RX, RADIUS Challenge is supported for 802.1x authentication but not for login authentication.

During the RADIUS authentication process, if a user supplies a valid username and password, the
RADIUS server sends an Access-Accept packet to the device, authenticating the user. Within the
Access-Accept packet are three Brocade vendor-specific attributes that indicate:
• The privilege level of the user
• A list of commands
• Whether the user is allowed or denied usage of the commands in the list

You must add these three Brocade vendor-specific attributes to your RADIUS server’s configuration,
and configure the attributes in the individual or group profiles of the users that will access the
BigIron RX.
Brocade’s Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Brocade
vendor-specific attributes.

TABLE 38  Brocade vendor-specific attributes for RADIUS

Attribute name: brocade-privilege-level
Attribute ID:   1
Data type:      integer
Description:    Specifies the privilege level for the user. This attribute can be set to one of the following:
    0  Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
    4  Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters.
    5  Read Only level – Allows access to the Privileged EXEC mode and CONFIG mode of the CLI but only with read access.
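
The following Python example is added here for illustration and is not part of the Brocade manual. It shows how brocade-privilege-level (Vendor-ID 1991, attribute ID 1, integer) is carried in an Access-Accept and checks that a user profile grants the intended level rather than, for instance, level 0. It assumes the vendor sub-attribute layout recommended by RFC 2865 (vendor type, vendor length, value); the function names and the sample packet are constructed for this example, and the Response Authenticator is not verified because that requires the shared secret.

```python
import struct

BROCADE_VENDOR_ID = 1991      # Vendor-ID stated on the page
PRIVILEGE_LEVEL_ATTR = 1      # brocade-privilege-level, integer (Table 38)
LEVELS = {0: "Super User", 4: "Port Configuration", 5: "Read Only"}
ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26   # RFC 2865 packet code / attribute type

def build_privilege_vsa(level):
    """Encode brocade-privilege-level as an RFC 2865 Vendor-Specific attribute."""
    sub = struct.pack("!BBI", PRIVILEGE_LEVEL_ATTR, 6, level)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BROCADE_VENDOR_ID) + sub

def sample_accept(level):
    """Constructed Access-Accept; the zeroed authenticator is a placeholder."""
    attrs = build_privilege_vsa(level)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

def privilege_levels(packet):
    """Return every brocade-privilege-level value carried in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = [], 20
    while pos < length:
        atype, alen = packet[pos], (packet[pos + 1] if pos + 1 < length else 0)
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value, pos = packet[pos + 2:pos + alen], pos + alen
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue                      # not a vendor-specific attribute
        if struct.unpack("!I", value[:4])[0] != BROCADE_VENDOR_ID:
            continue                      # another vendor's attribute
        sub = value[4:]
        while sub:
            vlen = sub[1] if len(sub) > 1 else 0
            if vlen < 2 or vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if sub[0] == PRIVILEGE_LEVEL_ATTR:
                if vlen != 6:
                    raise ValueError("privilege level is not a 4-byte integer")
                found.append(struct.unpack("!I", sub[2:6])[0])
            sub = sub[vlen:]
    return found

def check_grant(packet, expected):
    """Return (ok, names): ok only if exactly the expected level is granted."""
    levels = privilege_levels(packet)
    return levels == [expected], [LEVELS.get(l, "unlisted value %d" % l) for l in levels]
```

Calling `check_grant(sample_accept(0), 5)` returns `(False, ["Super User"])`, the case where a profile meant to be read-only would receive full access.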