beautypg.com

Configuring exec authorization, Configuring command authorization – Brocade BigIron RX Series Configuration Guide User Manual

Page 178

background image

100

BigIron RX Series Configuration Guide

53-1002484-04

Configuring RADIUS security

3

Configuring Exec authorization

NOTE

Before you configure RADIUS exec authorization on the BigIron RX, make sure that the aaa
authentication enable default radius command or the aaa authentication login privilege-mode
command exist in the configuration.

When RADIUS exec authorization is performed, the BigIron RX consults a RADIUS server to
determine the privilege level of the authenticated user.

To configure RADIUS exec authorization on the BigIron RX, enter the following command.

BigIron RX(config)# aaa authentication dot1x default radius

Syntax: aaa authentication dot1x default radius | none

If you specify none, or omit the aaa authorization exec command from the device’s configuration,
no exec authorization is performed.

NOTE

If the aaa authorization exec default radius command exists in the configuration, following
successful authentication the device assigns the user the privilege level specified by the
brocade-privilege-level attribute received from the RADIUS server. If the aaa authorization exec
default radius command does not exist in the configuration, then the value in the
brocade-privilege-level attribute is ignored, and the user is granted Super User access.

For the aaa authorization exec default radius command to work, either the aaa authentication
enable default radius command, or the aaa authentication login privilege-mode command must
also exist in the configuration.

Configuring command authorization

When RADIUS command authorization is enabled, the BigIron RX consults the list of commands
supplied by the RADIUS server during authentication to determine whether a user can execute a
command he or she has entered.

You enable RADIUS command authorization by specifying a privilege level whose commands
require authorization. For example, to configure the BigIron RX to perform authorization for the
commands available at the Super User privilege level (that is; all commands on the device), enter
the following command.

BigIron RX(config)# aaa authorization commands 0 default radius

Syntax: aaa authorization commands <privilege-level> default radius | tacacs+ | none

The <privilege-level> parameter can be one of the following:

0 – Authorization is performed (that is, the BigIron RX looks at the command list) for
commands available at the Super User level (all commands)

4 – Authorization is performed for commands available at the Port Configuration level
(port-config and read-only commands)

5 – Authorization is performed for commands available at the Read Only level (read-only
commands)

See also other documents in the category Brocade Computer Accessories: