
Integrating RBM with RADIUS and TACACS+ – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Integrating RBM with RADIUS and TACACS+


You can configure a Brocade Virtual ADX and its corresponding AAA (RADIUS or TACACS+) server
so that RBM access is authenticated by that AAA server. Use the following procedures to
configure a Brocade Virtual ADX for RBM authentication using an AAA server:

• Configure AAA server authentication on a Brocade Virtual ADX.

• Configure the contexts on a Brocade Virtual ADX.

• Specify the context and role information on the AAA server.

The procedure to access RBM on the Brocade Virtual ADX is as follows:

1. The client logs in to a Brocade Virtual ADX with a user name and password.

2. Brocade Virtual ADX requests authentication from the AAA (RADIUS or TACACS+) server.

3. The RADIUS or TACACS+ server authenticates the user with the approved context for a Brocade Virtual ADX.

4. Brocade Virtual ADX assigns the approved contexts and roles to the user.

5. If the context or template authenticated by the AAA server is not configured on the Brocade Virtual ADX, the Brocade Virtual ADX ignores the context authentication and a log message is generated.

Configuring the Brocade Virtual ADX for AAA authentication

The Brocade Virtual ADX must be configured for authentication by an AAA server. Instructions are
provided in Chapter 2, “Secure Access Management”. Sample configurations for RADIUS and
TACACS+ are provided in “Configuring a Brocade Virtual ADX for authentication by a RADIUS server”
and “Configuring a Brocade Virtual ADX for authentication by a TACACS+ server”. There is nothing in
the AAA configurations that is unique to use with RBM.

A role template must be configured at the global level and associated to a user.

Configuring a Brocade Virtual ADX for authentication by a RADIUS server

To configure a Brocade Virtual ADX authenticated by a RADIUS server, refer to “Configuring RADIUS
security” on page 85. The following example contains a standard Brocade Virtual ADX configuration
to enable AAA authentication and authorization by a RADIUS server with the following settings:

• Default login authentication using a RADIUS server.

• Executive authorization is configured on the Brocade Virtual ADX, with the user’s privilege level
authorized by a RADIUS server.

• RADIUS is set as the primary authentication method for securing access to the Brocade Virtual
ADX system.

• The server at IP address 10.10.10.10 is identified as the RADIUS server.

• Encryption is enabled using the key parameter.

Virtual ADX(config)# aaa authentication login default radius
Virtual ADX(config)# aaa authorization exec default radius
Virtual ADX(config)# radius-server host 10.10.10.10 auth-port 1812 acct-port 1813 default
Virtual ADX(config)# radius-server key brocade
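
The following Python check is an added example, not taken from the Brocade manual. It audits a configuration for the four commands above: RADIUS listed first for login authentication and exec authorization, a RADIUS host defined, and a shared key that is neither the manual's sample value nor short. The name audit_aaa, the MIN_KEY_LEN threshold, and the assumption that the key appears in cleartext as typed are illustrative assumptions.

```python
import re

# Constructed input: the four commands from the sample above, prompts included.
SAMPLE_CONFIG = """\
Virtual ADX(config)# aaa authentication login default radius
Virtual ADX(config)# aaa authorization exec default radius
Virtual ADX(config)# radius-server host 10.10.10.10 auth-port 1812 acct-port 1813 default
Virtual ADX(config)# radius-server key brocade
"""

MIN_KEY_LEN = 16               # assumed local policy value, not a Brocade limit
DOC_SAMPLE_KEYS = {"brocade"}  # key value printed in the manual's sample


def audit_aaa(config_text):
    """Return findings for the RADIUS AAA commands shown on this page."""
    # Drop any "...(config)#" prompt so pasted CLI sessions and saved configs both work.
    lines = [re.sub(r"^.*\(config\)#\s*", "", raw).strip()
             for raw in config_text.splitlines() if raw.strip()]
    findings = []

    def args_after(prefix):
        # Tokens following the first line that starts with `prefix`, else None.
        for line in lines:
            if line.startswith(prefix + " "):
                return line[len(prefix):].split()
        return None

    for prefix, label in (("aaa authentication login default", "login authentication"),
                          ("aaa authorization exec default", "exec authorization")):
        methods = args_after(prefix)
        if methods is None:
            findings.append(f"missing: {label} is not configured")
        elif methods[0] != "radius":
            findings.append(f"order: {label} does not use radius first")

    if args_after("radius-server host") is None:
        findings.append("missing: no radius-server host is defined")

    key = args_after("radius-server key")
    if key is None:
        findings.append("missing: no radius-server key is defined")
    elif key[0] in DOC_SAMPLE_KEYS:
        findings.append("key: shared secret is the sample value from the manual")
    elif len(key[0]) < MIN_KEY_LEN:
        findings.append(f"key: shared secret is shorter than {MIN_KEY_LEN} characters")
    return findings


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```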