Configuring authentication-method lists for radius, Configuring authentication-method lists for, Radius – Brocade BigIron RX Series Configuration Guide User Manual

Page 176: Setting the retransmission limit, Setting the timeout parameter

background image

98

BigIron RX Series Configuration Guide

53-1002484-04

Configuring RADIUS security

3

BigIron RX(config)# radius-server key 1 abc

BigIron RX(config)# write terminal

...

radius-server host 1.2.3.5

radius key 1 $!2d

NOTE

Encryption of the RADIUS keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.

Setting the retransmission limit

The retransmit parameter specifies the maximum number of retransmission attempts. When an
authentication request times out, the Brocade software will retransmit the request up to the
maximum number of retransmissions configured. The default retransmit value is 3 retries. The
range of retransmit values is from 1 – 5.

Use the command to set the RADIUS retransmit limit.

BigIron RX(config)# radius-server retransmit 5

Syntax: radius-server retransmit <number>

Setting the timeout parameter

The timeout parameter specifies how many seconds the BigIron RX waits for a response from the
RADIUS server before either retrying the authentication request, or determining that the RADIUS
server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.

BigIron RX(config)# radius-server timeout 5

Syntax: radius-server timeout <number>

Configuring authentication-method lists for RADIUS

You can use RADIUS to authenticate Telnet/SSH access and access to Privileged EXEC level and
CONFIG levels of the CLI. When configuring RADIUS authentication, you create
authentication-method lists specifically for these access methods, specifying RADIUS as the
primary authentication method.

Within the authentication-method list, RADIUS is specified as the primary authentication method
and up to six backup authentication methods are specified as alternates. If RADIUS authentication
fails due to an error, the device tries the backup authentication methods in the order they appear in
the list.

When you configure authentication-method lists for RADIUS, you must create a separate
authentication-method list for Telnet or SSH CLI access and for CLI access to the Privileged EXEC
level and CONFIG levels of the CLI.

To create an authentication-method list that specifies RADIUS as the primary authentication
method for securing Telnet access to the CLI.

BigIron RX(config)# enable telnet authentication

BigIron RX(config)# aaa authentication login default radius local

See also other documents in the category Brocade Computer Accessories: