Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 893
53-1002269-02
Configuring RADIUS security
26
NOTE
Devices do not support RADIUS security for SNMP (Brocade Network Advisor) access.
RADIUS authentication, authorization, and accounting
When RADIUS authentication is implemented, the device consults a RADIUS server to verify user
names and passwords. You can optionally configure RADIUS authorization, in which the device
consults a list of commands supplied by the RADIUS server to determine whether a user can
execute a command he or she has entered. You can also configure RADIUS accounting, which causes
the device to log information on a RADIUS accounting server when specified events occur on the device.
RADIUS authentication
When RADIUS authentication takes place, the following events occur.
1. A user attempts to gain access to the device by doing one of the following:
   • Logging into the device using Telnet or SSH
   • Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username and password.
3. The user enters a username and password.
4. The device sends a RADIUS Access-Request packet containing the username and password to
the RADIUS server.
5. The RADIUS server validates the device using a shared secret (the RADIUS key).
6. The RADIUS server looks up the username in its database.
7. If the username is found in the database, the RADIUS server validates the password.
8. If the password is valid, the RADIUS server sends an Access-Accept packet to the device,
authenticating the user. Within the Access-Accept packet are three Dell vendor-specific
attributes that indicate:
   • The privilege level of the user
   • A list of commands
   • Whether the user is allowed or denied usage of the commands in the list
The last two attributes are used with RADIUS authorization, if configured.
9. The user is authenticated, and the information supplied in the Access-Accept packet for the
user is stored on the device. The user is granted the specified privilege level. If you configure
RADIUS authorization, the user is allowed or denied usage of the commands in the list.
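The Access-Request and Access-Accept exchange in steps 4 through 8, as an added Python example that is not part of the Dell guide: it follows the generic RFC 2865 packet format, in which the shared secret hides the User-Password and signs the server's reply. The secret, user database and function names are constructed for illustration, and the Dell vendor-specific attributes are left out because this page does not give their numbering.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types
SECRET, USERS = b"constructed-secret", {b"admin": b"constructed-pass"}  # constructed sample values

def _chain(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if decrypt else res
        out += res
    return out

def hide_password(password, secret, authenticator):
    size = max(16, len(password) + (-len(password) % 16))  # NUL-pad to a multiple of 16
    return _chain(password.ljust(size, b"\x00"), secret, authenticator, False)

def recover_password(hidden, secret, authenticator):
    return _chain(hidden, secret, authenticator, True).rstrip(b"\x00")

def _attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def build_access_request(ident, user, password, secret):  # device side, step 4
    auth = os.urandom(16)  # Request Authenticator, fresh for every request
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hide_password(password, secret, auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_attrs(packet):
    attrs, i = {}, 20
    while i + 2 <= len(packet):
        kind, length = packet[i], packet[i + 1]
        if length < 2 or i + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[kind], i = packet[i + 2:i + length], i + length
    return attrs

def server_reply(request, secret, users):  # server side, steps 5 to 8
    attrs, req_auth = parse_attrs(request), request[4:20]
    password = recover_password(attrs[USER_PASSWORD], secret, req_auth)
    stored = users.get(attrs[USER_NAME])
    ok = stored is not None and hmac.compare_digest(stored, password)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, request[1], 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return head + hashlib.md5(head + req_auth + secret).digest()

def device_accepts(reply, request, secret):  # device side, on receiving the reply
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[0] == ACCESS_ACCEPT and hmac.compare_digest(expected, reply[4:20])
```

A server holding a different secret recovers a garbled password and rejects the request, and a device holding a different secret refuses the reply, which is why the RADIUS key must match on both ends.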
RADIUS authorization
When RADIUS authorization takes place, the following events occur.
1. A user previously authenticated by a RADIUS server enters a command on the device.
2. The device looks at its configuration to see if the command is at a privilege level that requires
RADIUS command authorization.