
144 ServerIron ADX Administration Guide
53-1002434-01
Integrating RBM with RADIUS and TACACS+
You can configure a ServerIron ADX and its corresponding AAA (RADIUS or TACACS+) server to have
RBM access authenticated from the respective AAA server. The following procedures must be used
to configure a ServerIron ADX for RBM authentication by a AAA server:
• Configure the ServerIron ADX for AAA server authentication.
• Configure the contexts on the ServerIron ADX.
• Specify the context and role information on the AAA server.
Once these procedures are completed, access to RBM on the ServerIron ADX follows this sequence:
1. The client logs into the ServerIron ADX with a username and password.
2. The ServerIron ADX requests authentication from the AAA (RADIUS or TACACS+) server.
3. The RADIUS or TACACS+ server authenticates the user for the approved context for the
ServerIron ADX.
4. The ServerIron ADX assigns the approved contexts and roles to the user.
5. If the context or template authenticated by the AAA server is not configured on the ServerIron
ADX, the ServerIron ADX ignores the context authentication and a log message is generated.
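A pre-deployment check that models steps 4 and 5, added here as an example and not taken from the guide or from Brocade code: it compares the contexts an AAA server would return for each user with the contexts configured on the device and reports the ones the device would ignore. The data layout, the user, context and role names, the exact-match comparison and the log wording are all assumptions.

```python
"""Model of RBM context assignment, steps 4-5 (constructed data throughout)."""
from dataclasses import dataclass, field

# Constructed sample: contexts configured on the device.
LOCAL_CONTEXTS = {"web", "dmz"}

# Constructed sample: (context, role) pairs the AAA server holds per user.
AAA_USERS = {
    "alice": [("web", "manager"), ("dmz", "viewer")],
    "bob": [("web", "operator"), ("lab", "manager")],
    "carol": [("staging", "manager")],
}


@dataclass
class RbmResult:
    assigned: dict = field(default_factory=dict)  # context -> role (step 4)
    ignored: list = field(default_factory=list)   # contexts dropped (step 5)
    log: list = field(default_factory=list)       # hypothetical log wording


def reconcile(user, aaa_grants, local_contexts):
    """Assign contexts that exist locally; ignore and log the rest.

    Assumption: context names are compared as exact strings.
    """
    result = RbmResult()
    for context, role in aaa_grants:
        if context in local_contexts:
            result.assigned[context] = role
        else:
            result.ignored.append(context)
            result.log.append(
                f"user {user}: context '{context}' returned by AAA server "
                "is not configured on this device, ignored"
            )
    return result


def audit(aaa_users, local_contexts):
    """Return users whose AAA entries name contexts the device lacks."""
    findings = {}
    for user, grants in aaa_users.items():
        result = reconcile(user, grants, local_contexts)
        if result.ignored:
            findings[user] = {
                "ignored": result.ignored,
                # True when no returned context could be assigned at all.
                "no_context_assigned": not result.assigned,
            }
    return findings
```

Running `audit(AAA_USERS, LOCAL_CONTEXTS)` before rollout surfaces mismatches between the AAA server and the device that would otherwise appear only as log messages after a user logs in.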
Configuring the ServerIron ADX for AAA authentication
The following must be configured on the ServerIron ADX for AAA authentication.
• The ServerIron ADX must be configured for authentication by a AAA server. Instructions are
provided in Chapter 2, “Secure Access Management”. Sample configurations for RADIUS and
TACACS+ are provided in “Configuring a ServerIron ADX for authentication by a RADIUS server”
and “Configuring a ServerIron ADX for authentication by a TACACS+ server”. There is nothing in
the AAA configurations that is unique to use with RBM.
• A role template must be configured at the global level and the role template must be
associated to a user.
Configuring a ServerIron ADX for authentication by a RADIUS server
Procedures for configuring a ServerIron ADX for authentication by a RADIUS server are described in
detail in “Configuring RADIUS security” on page 122. The following example is a standard
ServerIron ADX configuration for enabling AAA authentication and authorization by a RADIUS server
with the following settings:
• Default login authentication is provided by a RADIUS server.
• Exec authorization is configured on the ServerIron ADX to have the user’s privilege level
authorized by a RADIUS server.
• RADIUS is set as the primary authentication method for securing access to the ServerIron ADX
system.
• The server at IP address 10.10.10.10 is identified as the RADIUS server.
• Encryption is enabled through the “key” parameter.
ServerIronADX(config)# aaa authentication login default radius
ServerIronADX(config)# aaa authorization exec default radius