
Identifying the RADIUS server to the Brocade Virtual ADX – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Configuring RADIUS security


Identifying the RADIUS server to the Brocade Virtual ADX

To use a RADIUS server to authenticate access to a Brocade Virtual ADX, you must identify the
server to the Brocade Virtual ADX.

Example

Virtual ADX(config)#radius-server host 209.157.22.99

Syntax: radius-server host ip-addr | server-name [auth-port number acct-port number]

The host ip-addr | server-name parameter is either an IP address or an ASCII text string.

The optional auth-port variable is the Authentication port number. The default is 1645.

The optional acct-port variable is the Accounting port number. The default is 1646.

TABLE 11 Brocade vendor-specific attributes for RADIUS

| Attribute name | Attribute ID | Data type | Description |
|---|---|---|---|
| -privilege-level | 1 | integer | Specifies the privilege level for the user. This attribute can be set to one of the following: 0 = Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords. 4 = Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters. 5 = Read Only level – Allows access to the Privileged EXEC mode and CONFIG mode of the CLI but only with read access. |
| brocade-command-string | 2 | string | Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured. The commands are delimited by semi-colons (;). You can specify an asterisk (*) as a wildcard at the end of a command string. For example, the following command list specifies all show and debug ip commands, as well as the write terminal command: show *; debug ip *; write term* |
| -command-exception-flag | 3 | integer | Specifies whether the commands indicated by the -command-string attribute are permitted or denied to the user. This attribute can be set to one of the following: 0 = Permit execution of the commands indicated by -command-string, deny all other commands. 1 = Deny execution of the commands indicated by -command-string, permit all other commands. |
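The following added example (not code from the Brocade guide or product) models how the command-string and command-exception-flag attributes in Table 11 combine, so a RADIUS profile can be checked before it is deployed. The matching rules are assumptions: an entry ending in an asterisk is treated as a prefix match, any other entry must equal the whole command, and runs of whitespace are collapsed; all function names are hypothetical.

```python
# Added example: models the Table 11 attribute semantics; not Brocade code.
# Assumptions: a trailing "*" means prefix match, other entries must match the
# whole command, and whitespace runs are collapsed before comparison.

PERMIT_LISTED, DENY_LISTED = 0, 1  # command-exception-flag values from Table 11


def normalize(text):
    """Collapse whitespace so 'show   ip' and 'show ip' compare equal."""
    return " ".join(text.split())


def parse_command_string(value):
    """Split a semicolon-delimited command-string value into clean entries."""
    entries = []
    for raw in value.split(";"):
        entry = normalize(raw)
        if not entry:
            continue  # tolerate a trailing ';' or an empty segment
        if "*" in entry[:-1]:
            # Table 11 only allows the wildcard at the end of a command string
            raise ValueError(f"wildcard only allowed at end: {entry!r}")
        entries.append(entry)
    return entries


def entry_matches(entry, command):
    """Match one list entry against an already-normalized command."""
    if entry.endswith("*"):
        return command.startswith(entry[:-1])
    return command == entry


def is_permitted(command, command_string, exception_flag):
    """Return True if the command is allowed under the two attributes."""
    if exception_flag not in (PERMIT_LISTED, DENY_LISTED):
        raise ValueError(f"unknown exception flag: {exception_flag}")
    command = normalize(command)
    listed = any(entry_matches(entry, command)
                 for entry in parse_command_string(command_string))
    # Flag 0: only listed commands run. Flag 1: everything except listed runs.
    return listed if exception_flag == PERMIT_LISTED else not listed


def permitted_subset(commands, command_string, exception_flag):
    """Filter a list of candidate commands down to those the profile allows."""
    return [c for c in commands
            if is_permitted(c, command_string, exception_flag)]
```

With flag value 1 every command not on the list is allowed, so running `permitted_subset` over a list of configuration commands shows how much a deny-list profile leaves open.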