Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

141

142

143

144

145

146

147

148

149

150

134 ServerIron ADX Administration Guide

53-1002434-01

Configuring RADIUS security

Syntax: aaa accounting commands <privilege-level> default start-stop radius | tacacs | none

The <privilege-level> parameter can be one of the following:

• 0 – Records commands available at the Super User level (all commands)

• 4 – Records commands available at the Port Configuration level (port-config and read-only

commands)

• 5 – Records commands available at the Read Only level (read-only commands)

Configuring RADIUS accounting for system events

You can configure RADIUS accounting to record when system events occur on the ServerIron.

System events include rebooting and when changes to the active configuration are made.

The following command causes an Accounting Start packet to be sent to the RADIUS accounting

server when a system event occurs, and a Accounting Stop packet to be sent when the system

event is completed.

ServerIronADX(config)# aaa accounting system default start-stop radius

Syntax: aaa accounting system default start-stop radius | tacacs+ | none

Configuring an interface as the source for all RADIUS packets

You can designate the lowest-numbered IP address configured an Ethernet port, POS port,

loopback interface, or virtual interface as the source IP address for all RADIUS packets from the

Layer 3 Switch. Identifying a single source IP address for RADIUS packets provides the following

benefits:

• If your RADIUS server is configured to accept packets only from specific links or IP addresses,

you can use this feature to simplify configuration of the RADIUS server by configuring the

ServerIron to always send the RADIUS packets from the same link or source address.

• If you specify a loopback interface as the single source for RADIUS packets, RADIUS servers

can receive the packets regardless of the states of individual links. Thus, if a link to the

RADIUS server becomes unavailable but the client or server can be reached through another

link, the client or server still receives the packets, and the packets still have the source IP

address of the loopback interface.

The software contains separate CLI commands for specifying the source interface for Telnet,

TACACS or TACACS+, and RADIUS packets. You can configure a source interface for one or more of

these types of packets.

To specify an Ethernet or POS port or a loopback or virtual interface as the source for all RADIUS

packets from the device, use the following CLI method. The software uses the lowest-numbered IP

address configured on the port or interface as the source IP address for RADIUS packets originated

by the device.

To specify the lowest-numbered IP address configured on a virtual interface as the device’s source

for all RADIUS packets, enter commands such as the following.

ServerIronADX(config)# interface ve 1

ServerIronADX(config-vif-1)# ip address 10.0.0.3/24

ServerIronADX(config-vif-1)# exit

ServerIronADX(config)# ip radius source-interface ve 1