Technical data

ServerIron ADX Administration Guide
53-1002434-01
Configuring RADIUS security
Identifying the RADIUS server to the ServerIron
To use a RADIUS server to authenticate access to a ServerIron, you must identify the server to the ServerIron.
Example
ServerIronADX(config)# radius-server host 209.157.22.99
Syntax: radius-server host <ip-addr> | <server-name> [auth-port <number> acct-port <number>]
The host <ip-addr> | <server-name> parameter is either an IP address or an ASCII text string.
The auth-port <number> parameter is the Authentication port number; it is an optional parameter. The default is 1645.
The acct-port <number> parameter is the Accounting port number; it is an optional parameter. The default is 1646.
TABLE 10 Brocade vendor-specific attributes for RADIUS

Attribute name: brocade-privilege-level
Attribute ID: 1
Data type: integer
Description: Specifies the privilege level for the user. This attribute can be set to one of the following:
    0  Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
    4  Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters.
    5  Read Only level – Allows access to the Privileged EXEC mode and CONFIG mode of the CLI but only with read access.

Attribute name: brocade-command-string
Attribute ID: 2
Data type: string
Description: Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured. The commands are delimited by semicolons (;). You can specify an asterisk (*) as a wildcard at the end of a command string. For example, the following command list specifies all show and debug ip commands, as well as the write terminal command:
    show *; debug ip *; write term*

Attribute name: brocade-command-exception-flag
Attribute ID: 3
Data type: integer
Description: Specifies whether the commands indicated by the brocade-command-string attribute are permitted or denied to the user. This attribute can be set to one of the following:
    0  Permit execution of the commands indicated by brocade-command-string, deny all other commands.
    1  Deny execution of the commands indicated by brocade-command-string, permit all other commands.
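
To audit a RADIUS profile before assigning it, the following added example (not code from the guide or from Brocade) evaluates a brocade-command-string value together with brocade-command-exception-flag. The function names are hypothetical. It assumes a trailing asterisk means a prefix match, that entries without one must match exactly, and that commands are typed in full rather than abbreviated; denying on an unrecognized flag value is a choice made here, not device behavior documented on this page.

```python
"""Added example: evaluate brocade-command-string with its exception flag."""


def parse_command_string(value):
    """Split the semicolon-delimited attribute into (text, is_prefix) patterns."""
    patterns = []
    for raw in value.split(";"):
        entry = " ".join(raw.split())  # collapse runs of whitespace
        if not entry:
            continue
        is_prefix = entry.endswith("*")
        text = entry[:-1] if is_prefix else entry
        if "*" in text:
            # The guide only describes '*' at the end of a command string.
            raise ValueError(f"wildcard not at end of entry: {entry!r}")
        patterns.append((text, is_prefix))
    return patterns


def matches(command, patterns):
    """Assumption: trailing '*' is a prefix match, otherwise an exact match."""
    cmd = " ".join(command.split())
    return any(cmd.startswith(t) if p else cmd == t for t, p in patterns)


def is_permitted(command, command_string, exception_flag):
    """Apply the flag semantics from Table 10; unknown flag values fail closed."""
    listed = matches(command, parse_command_string(command_string))
    if exception_flag == 0:  # permit listed commands, deny all others
        return listed
    if exception_flag == 1:  # deny listed commands, permit all others
        return not listed
    return False  # choice made in this example, not documented behavior


if __name__ == "__main__":
    profile = "show *; debug ip *; write term*"  # command list from the guide
    for cmd in ("show ip route", "write terminal", "write memory", "debug ip ospf"):
        print(f"{cmd!r}: flag0={is_permitted(cmd, profile, 0)} "
              f"flag1={is_permitted(cmd, profile, 1)}")
```

With the guide's example list, flag 0 yields a read-mostly profile in which write memory is denied, while flag 1 inverts it so that write memory is allowed and every show command is blocked.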