
Configuring a RADIUS server to authenticate RBM – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Integrating RBM with RADIUS and TACACS+


Configuring a Brocade Virtual ADX for authentication by a TACACS+ server

To configure a Brocade Virtual ADX authenticated by a TACACS+ server, refer to “Configuring TACACS or TACACS+ security” on page 69. The following example is a standard Brocade Virtual ADX configuration to enable AAA authentication and authorization by a TACACS+ server with the following settings:

Default authentication for web-server access is provided locally.

Executive authorization is configured to have the user’s privilege level authorized by a TACACS+ server.

TACACS+ is set as the default authentication method for login.

The server at IP address 10.10.10.10 is identified as the TACACS+ server.

Virtual ADX(config)# aaa authentication login default tacacs+

Virtual ADX(config)# aaa authorization exec default tacacs+

Virtual ADX(config)# tacacs-server host 10.10.10.10 auth-port 49 default key 1 $D?@d=8

Configuring a role template at the global level (RADIUS or TACACS+)

The following example shows how to configure a role template named “brcd” on a Brocade Virtual
ADX at the global level and associate the template to the user named “user1.”

Virtual ADX(config)# role template brcd

Virtual ADX(config-role-template-r1)# context c1 operator

Virtual ADX(config-role-template-r1)# context c2 manager

Virtual ADX(config-role-template-r1)# context c3 viewer

Virtual ADX(config-role-template-r1)# exit

Virtual ADX(config)# username user1 privilege 1 password pass2

Virtual ADX(config-role-user-user1)# role template brcd

Configuring the AAA server to authenticate RBM on a Brocade Virtual ADX

The AAA server must be configured to authenticate RBM on the Brocade Virtual ADX for RADIUS or
TACACS+.

Configuring a RADIUS server to authenticate RBM

Add the following configuration to the file “/usr/local/etc/raddb/users” for the RADIUS server to
authenticate RBM. The “SIContextRole” and “SIRoleTemplate” template settings must reflect the
settings in the specified RBM role template configured on the Brocade Virtual ADX.

aaaserver1  Cleartext-Password := "pass"
            foundry-privilege-Level = 1,
            SIContextRole = "c1+operator;c2+viewer;*c3+manager",
            SIRoleTemplate = "default"

Syntax: SIContextRole :context+role
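An added example, not from the Brocade guide: a Python consistency check that parses the role template commands and the RADIUS users entry shown on this page and reports where the two differ. Reading "must reflect" as "same template name and same context-to-role pairs" is this example's assumption, as is dropping the leading "*" the page shows on one context; the function names are hypothetical.

```python
import re

# Inputs copied from the examples on this page (prompts included on purpose).
ADX_CONFIG = """\
Virtual ADX(config)# role template brcd
Virtual ADX(config-role-template-r1)# context c1 operator
Virtual ADX(config-role-template-r1)# context c2 manager
Virtual ADX(config-role-template-r1)# context c3 viewer
Virtual ADX(config-role-template-r1)# exit
"""
USERS_ENTRY = '''\
aaaserver1  Cleartext-Password := "pass"
            foundry-privilege-Level = 1,
            SIContextRole = "c1+operator;c2+viewer;*c3+manager",
            SIRoleTemplate = "default"
'''

def parse_role_templates(cli_text):
    """Return {template_name: {context: role}} from 'role template' blocks."""
    templates, current = {}, None
    for line in cli_text.splitlines():
        words = line.split("#", 1)[-1].split()   # drop a CLI prompt if present
        if words[:2] == ["role", "template"] and len(words) == 3:
            current = templates.setdefault(words[2], {})
        elif words[:1] == ["context"] and len(words) == 3 and current is not None:
            current[words[1]] = words[2]
        elif words == ["exit"]:
            current = None
    return templates

def parse_users_entry(entry):
    """Return (template_name, {context: role}) from one users-file entry."""
    attrs = dict(re.findall(r'(\w[\w-]*)\s*:?=\s*"([^"]*)"', entry))
    roles = {}
    for pair in filter(None, attrs.get("SIContextRole", "").split(";")):
        context, _, role = pair.partition("+")
        roles[context.lstrip("*")] = role   # assumption: "*" is not part of the name
    return attrs.get("SIRoleTemplate"), roles

def audit(cli_text, entry):
    """List differences between the RADIUS entry and the named ADX template."""
    name, radius = parse_users_entry(entry)
    adx = parse_role_templates(cli_text).get(name)
    if adx is None:
        return [f"SIRoleTemplate {name!r}: no such 'role template' in config"]
    return [f"{c}: ADX={adx.get(c)} RADIUS={radius.get(c)}"
            for c in sorted(set(adx) | set(radius)) if adx.get(c) != radius.get(c)]

if __name__ == "__main__":
    print(audit(ADX_CONFIG, USERS_ENTRY))
```

Run against the two examples exactly as printed on this page, the check reports that the users entry names the template "default" while the CLI example defines only "brcd".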