beautypg.com

Radius nas-identifier, Radius configuration considerations – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Page 100

background image

88

Brocade Virtual ADX Administration Guide

53-1003249-01

Configuring RADIUS security

2

AAA security for commands pasted into the running-config file

If AAA security is enabled on the device, commands pasted into the running-config file are subject
to the same AAA operations as if they were entered manually.

When you paste commands into the running-config file, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running-config
file. The server performing the AAA operations should be reachable when you paste the commands
into the running-config file. If the device determines that a pasted command is invalid, AAA
operations are halted on the remaining commands. The remaining commands may not be
executed if command authorization is configured.

NOTE

Since RADIUS command authorization relies on a list of commands received from the RADIUS server
when authentication is performed, it is important that you use RADIUS authentication when you also
use RADIUS command authorization.

RADIUS NAS-Identifier

RADIUS NAS-Identifier gives customers using multi-vendor networks identifiers for Brocade Virtual
ADX so their RADIUS servers can send the correct VSAs to the device. Customers who use
multi-vendor networks require a default value for Brocade Virtual ADX and the ability to configure
one string per device for different business and operational functions.

The Brocade Virtual ADX RADIUS implementation sends out a NAS-ID string in the access-request
packets. To configure this feature use the following command:

Virtual ADX(config)#radius nas-identifier string

Syntax: radius nas-identifier string

string—1 to 64 character string that identifies the NAS originating the access request. It is only
used in access-request packets. Either NAS-IP-Address or NAS-Identifier must be present in an
access-request packet.

RADIUS configuration considerations

Consider the following:

You must deploy at least one RADIUS server in your network.

Brocade Virtual ADXs support authentication using up to eight RADIUS servers. The device tries
to use the servers in the order you add them to the device’s configuration. If one RADIUS
server is not responding, the Brocade Virtual ADX tries the next one in the list.

User enters other commands

Command authorization:
aaa authorization commands privilege-level default method-list

Command accounting:
aaa accounting commands privilege-level default start-stop
method-list

TABLE 10

Action to access AAA operations for RADIUS (Continued)

User action

Applicable AAA operations

See also other documents in the category Brocade Computer Accessories: