Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

131

132

133

134

135

136

137

138

139

140

122 ServerIron ADX Administration Guide

53-1002434-01

Configuring RADIUS security

Example

Syntax: show web

Configuring RADIUS security

You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following

types of access to the Brocade Layer 2 Switch or Layer 3 Switch:

• Telnet access

• SSH access

• Web management access

• Access to the Privileged EXEC level and CONFIG levels of the CLI

NOTE

ServerIrons do not support RADIUS security for SNMP (IronView) access.

RADIUS authentication, authorization, and accounting

When RADIUS authentication is implemented, the ServerIron consults a RADIUS server to verify

user names and passwords. You can optionally configure RADIUS authorization, in which the

ServerIron consults a list of commands supplied by the RADIUS server to determine whether a user

can execute a command he or she has entered, as well as accounting, which causes the ServerIron

to log information on a RADIUS accounting server when specified events occur on the device.

NOTE

By default, a user logging into the device through Telnet or SSH first enters the User EXEC level. The

user can then enter the enable command to get to the Privileged EXEC level.

A user that is successfully authenticated can be automatically placed at the Privileged EXEC level

after login. Refer to “Entering privileged EXEC mode after a Telnet or SSH login” on page 131.

RADIUS authentication

When RADIUS authentication takes place, the following events occur.

1. A user attempts to gain access to the ServerIron by doing one of the following:

• Logging into the device using Telnet, SSH, or the Web Management Interface

• Entering the Privileged EXEC level or CONFIG level of the CLI

2. The user is prompted for a username and password.

3. The user enters a username and password.

4. The ServerIron sends a RADIUS Access-Request packet containing the username and

password to the RADIUS server.

5. The RADIUS server validates the ServerIron using a shared secret (the RADIUS key).

6. The RADIUS server looks up the username in its database.

ServerIronADX(config)# show web

User Privilege IP address

set 0 192.168.1.234