Brocade Web Tools Administrator's Guide (53-0000194-01, November 2006)

Managing RADIUS Service
Fabric OS supports RADIUS authentication, authorization, and accounting service (AAA). When
configured for RADIUS, the switch becomes a Network Access Server (NAS) that acts as a RADIUS
client. In this configuration, authentication records are stored in the RADIUS host server database.
Login and logout account name, assigned role, and time accounting records are also stored on the
RADIUS server.
You should set up RADIUS service through a secure connection such as SSH.
The three choices in the drop-down menu when RADIUS is selected as the primary service are:
Switch Database when RADIUS Authentication Fails—When selected, the switch user login
database will be checked whenever RADIUS authentication fails.
Switch Database When RADIUS Times Out—Switch user login database is checked only if the
physical connection to the RADIUS server fails.
None—Switch user login database is never checked. Only a RADIUS server can be used for
authentication.
If the switch database is selected as primary, there is no secondary option. The RADIUS server cannot
be configured as a backup for the switch user login database.
When the primary AAA service is RADIUS, you can enable the secondary service, which offers two
choices from the drop-down menu: None or Switch Database. The secondary service gives you the
option to use the Switch Database as the backup authentication service when a RADIUS login fails
even though the RADIUS server is available, or when the RADIUS server is not available.
Alternatively, you can have no secondary AAA service, which means that only the primary service
will be used for authentication.
Use the AAA Service tab of the Switch Admin module to manage the RADIUS service (see Figure 17-6).
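
The fallback behaviour of the three drop-down choices above, modelled as an added example (not Brocade or Fabric OS code). The names Policy, Radius, login_allowed, local_only_paths and decision_table are hypothetical, and treating a timeout as a failure under the first choice is an assumption.

```python
from enum import Enum

class Policy(Enum):
    # Values are the three drop-down labels from the guide.
    LOCAL_ON_FAIL = "Switch Database when RADIUS Authentication Fails"
    LOCAL_ON_TIMEOUT = "Switch Database When RADIUS Times Out"
    NONE = "None"

class Radius(Enum):
    # Constructed outcomes of one RADIUS login attempt.
    ACCEPT = "accept"
    REJECT = "reject"    # server reachable, credentials refused
    TIMEOUT = "timeout"  # server unreachable

def login_allowed(policy, radius, local_ok):
    """Return (allowed, source) for one login attempt.

    local_ok: whether the credentials match the switch user login database.
    """
    if radius is Radius.ACCEPT:
        return True, "radius"
    if policy is Policy.NONE:
        return False, None  # switch database is never checked
    if policy is Policy.LOCAL_ON_TIMEOUT and radius is Radius.REJECT:
        return False, None  # a reachable server's reject is final
    # Assumption: LOCAL_ON_FAIL treats a timeout as a failure too.
    return (True, "local") if local_ok else (False, None)

def local_only_paths(policy):
    """RADIUS outcomes where a valid switch-database password alone logs in."""
    return [r for r in Radius if login_allowed(policy, r, True) == (True, "local")]

def decision_table():
    """Every (policy, RADIUS outcome, local match) combination and its result."""
    return [(p.name, r.value, ok) + login_allowed(p, r, ok)
            for p in Policy for r in Radius for ok in (False, True)]

if __name__ == "__main__":
    for row in decision_table():
        print("%-17s radius=%-8s local_ok=%-5s allowed=%-5s via=%s" % row)
    for p in Policy:
        print(p.value, "->", [r.value for r in local_only_paths(p)])
```

Under the first choice a RADIUS reject does not end the login attempt, so accounts in the switch user login database need the same password and removal controls as the RADIUS accounts.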