beautypg.com

Configuring radius security, Radius authentication – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Page 97

background image

Brocade Virtual ADX Administration Guide

85

53-1003249-01

Configuring RADIUS security

2

Configuring RADIUS security

You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the Brocade Layer 3 Switch:

Telnet access

SSH access

Web management access

Access to the Privileged EXEC level and CONFIG levels of the CLI

NOTE

Brocade Virtual ADX devices do not support RADIUS security for SNMP access.

RADIUS authentication, authorization and accounting

When RADIUS authentication is implemented, the Brocade Virtual ADX consults a RADIUS server to
verify user names and passwords. You can optionally configure RADIUS authorization, in which the
Brocade Virtual ADX consults a list of commands supplied by the RADIUS server to determine
whether a user can execute a command he or she has entered, as well as accounting, which
causes the Brocade Virtual ADX to log information on a RADIUS accounting server when specified
events occur on the device.

NOTE

By default, a user logging into the device through Telnet or SSH first enters the User EXEC level. The
user can then enter the enable command to get to the Privileged EXEC level.
A user that is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to

“Entering privileged EXEC mode after a Telnet or SSH login”

on page 94.

RADIUS authentication

When RADIUS authentication takes place, the following events occur.

1. A user attempts to gain access to the Brocade Virtual ADX by doing one of the following:

Logging into the device using Telnet, SSH, or the Web Management Interface

Entering the Privileged EXEC level or CONFIG level of the CLI

2. The user is prompted for a username and password.

3. The user enters a username and password.

4. The Brocade Virtual ADX sends a RADIUS Access-Request packet containing the username and

password to the RADIUS server.

5. The RADIUS server validates the Brocade Virtual ADX using a shared secret (the RADIUS key).

6. The RADIUS server looks up the username in its database.

7. If the username is found in the database, the RADIUS server validates the password.

See also other documents in the category Brocade Computer Accessories: