
Setting radius parameters, Setting the radius key – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Configuring RADIUS security


Specifying different servers for individual AAA functions

In a RADIUS configuration, you can designate a server to handle a specific AAA task. For example,
you can designate one RADIUS server to handle authorization and another RADIUS server to
handle accounting. You can specify individual servers for authentication and accounting, but not
for authorization. You can set the RADIUS key for each server.

To specify different RADIUS servers for authentication, authorization and accounting, enter the
following commands.

Virtual ADX(config)#radius-server host 10.2.3.4 auth-port 1 acct-port 2 authentication-only key abc

Virtual ADX(config)#radius-server host 10.2.3.5 auth-port 1 acct-port 2 authorization-only key def

Virtual ADX(config)#radius-server host 10.2.3.6 auth-port 1 acct-port 2 accounting-only key ghi

Syntax: radius-server host ip-addr | server-name auth-port number acct-port number [authentication-only | accounting-only | default] [key 0 | 1 string]

The default parameter causes the server to be used for all AAA functions.

After authentication takes place, the server that performed the authentication is used for
authorization or accounting. If the authenticating server cannot perform the requested function,
then the next server in the configured list of servers is tried; this process repeats until a server that
can perform the requested function is found, or every server in the configured list has been tried.

Setting RADIUS parameters

You can set the following parameters in a RADIUS configuration:

RADIUS key – This parameter specifies the value that the Brocade Virtual ADX sends to the
RADIUS server when trying to authenticate user access.

Retransmit interval – This parameter specifies how many times the Brocade Virtual ADX will
resend an authentication request when the RADIUS server does not respond. The retransmit
value can be from 0 – 5 times. The default is 3 times.

Timeout – This parameter specifies how many seconds the Brocade Virtual ADX waits for a
response from a RADIUS server before either retrying the authentication request, or
determining that the RADIUS servers are unavailable and moving on to the next authentication
method in the authentication-method list. The timeout can be from 1 – 15 seconds. The
default is 3 seconds.

Setting the RADIUS key

The key parameter in the radius-server command is used to encrypt RADIUS packets before they
are sent over the network. The value for the key parameter on the Brocade Virtual ADX should
match the one configured on the RADIUS server. The key can be from 1 – 32 characters in length
and cannot include any space characters.

To specify a RADIUS server key, enter the following command.

Virtual ADX(config)#radius-server key mirabeau

Syntax: radius-server key [0 | 1] string

When you display the configuration of the Brocade Virtual ADX, the RADIUS key is encrypted.
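
The following Python script is an added example, not part of the Brocade guide: it checks radius-server host lines against the Syntax line and the key limits stated on this page, and also reports short or reused keys. The 16-character minimum, the reuse check, host 10.2.3.7 and the function name audit are assumptions of the example; the 0 | 1 indicator is accepted but not interpreted, because the page does not define it.

```python
import re

ROLES = {"authentication-only", "accounting-only", "default"}  # from the Syntax line
MAX_KEY_LEN = 32   # documented limit: 1-32 characters, no spaces
MIN_KEY_LEN = 16   # assumed local policy floor, not from the guide

HOST_RE = re.compile(
    r"radius-server host (?P<host>\S+) auth-port (?P<auth>\d+) acct-port (?P<acct>\d+)"
    r"(?: (?P<role>[a-z]+-only|default))?"
    r"(?: key(?: [01])? (?P<key>.+))?$")

def audit(config_text):
    """Return (line_no, host, message) findings for radius-server host lines."""
    findings, first_use = [], {}
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = re.sub(r"^.*?\(config\)#", "", raw).strip()  # drop the CLI prompt
        if not line.startswith("radius-server host"):
            continue
        m = HOST_RE.match(line)
        if not m:
            findings.append((no, None, "does not match the documented syntax"))
            continue
        host, role, key = m["host"], m["role"] or "default", m["key"]
        if role not in ROLES:
            findings.append((no, host, f"keyword {role} is not in the documented syntax"))
        if key is None:
            continue  # no per-server key on this line, nothing more to check
        if " " in key or len(key) > MAX_KEY_LEN:
            findings.append((no, host, "key breaks the 1-32 character, no-space rule"))
        elif len(key) < MIN_KEY_LEN:
            findings.append((no, host, f"key is shorter than {MIN_KEY_LEN} characters"))
        if key in first_use:
            findings.append((no, host, f"key reused from {first_use[key]}"))
        first_use.setdefault(key, host)
    return findings

# Lines 1-3 are the page's own commands; line 4 is constructed for this example.
SAMPLE = """\
Virtual ADX(config)#radius-server host 10.2.3.4 auth-port 1 acct-port 2 authentication-only key abc
Virtual ADX(config)#radius-server host 10.2.3.5 auth-port 1 acct-port 2 authorization-only key def
Virtual ADX(config)#radius-server host 10.2.3.6 auth-port 1 acct-port 2 accounting-only key ghi
Virtual ADX(config)#radius-server host 10.2.3.7 auth-port 1 acct-port 2 default key abc
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the page's three commands, the audit reports each three-character key as too short and reports authorization-only as a keyword that the Syntax line does not list.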