Technical data
ServerIron ADX Administration Guide
53-1002434-01
Configuring access control
ATTENTION
If you have previously configured the device to perform command authorization using a RADIUS
server, entering enable aaa console may prevent the execution of any subsequent commands
entered on the console.
This happens because RADIUS command authorization requires a list of allowable commands from
the RADIUS server. This list is obtained during RADIUS authentication. For console sessions,
RADIUS authentication is performed only if you have configured Enable authentication and
specified RADIUS as the authentication method (for example, with aaa authentication enable
default radius). If RADIUS authentication is never performed, the list of allowable commands is
never obtained from the RADIUS server. Consequently, there would be no allowable commands on
the console.
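The lockout condition described in this note can be checked against a saved configuration before enable aaa console is entered. The following Python check is an added example, not part of the guide or of Brocade's software; the sample configurations are constructed, and the `aaa authorization commands <level> default ...` syntax used to detect RADIUS command authorization is an assumption, because this page does not show that command.

```python
import re

# Constructed sample configuration fragments (not taken from the guide).
RISKY = """\
aaa authentication login default radius local
aaa authorization commands 0 default radius
enable aaa console
radius-server host 209.157.22.99
"""
# Same configuration with Enable authentication set to RADIUS.
SAFE = RISKY + "aaa authentication enable default radius\n"


def methods(config, pattern):
    """Return the method list of the last matching, non-negated line, or []."""
    found = []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(("!", "no ")):  # skip comments and negated commands
            continue
        m = re.match(pattern + r"\s+default\s+(.+)$", line)
        if m:
            found = m.group(1).split()
    return found


def console_lockout_risk(config):
    """True when console commands would be authorized against a RADIUS
    command list that is never fetched, as the ATTENTION note describes."""
    lines = [l.strip() for l in config.splitlines()]
    aaa_console = "enable aaa console" in lines
    # Assumption: command authorization appears as
    # 'aaa authorization commands <level> default <methods>'.
    authz = methods(config, r"aaa authorization commands\s+\d+")
    enable_authn = methods(config, r"aaa authentication enable")
    return aaa_console and "radius" in authz and "radius" not in enable_authn


if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, "lockout risk:", console_lockout_risk(cfg))
```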
Displaying information about TACACS+ and RADIUS servers
To display information about all TACACS+ and RADIUS servers identified on the device, enter the
following command.
ServerIronADX# show aaa
Tacacs+ key: brocade
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 207.95.6.90 Port:49:
          opens=6 closes=3 timeouts=3 errors=0
          packets in=4 packets out=4
          no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server: 207.95.6.90 Auth Port=1645 Acct Port=1646:
          opens=2 closes=1 timeouts=1 errors=0
          packets in=1 packets out=4
          no connection
Syntax: show aaa
RADIUS security
You can further secure CLI access to the switch or router by configuring the device to consult a
RADIUS server to authenticate user names and passwords. You can configure the device to
authenticate Telnet logins and Enable access on a separate basis.
NOTE
RADIUS authentication is not supported for Web management or IronView access.
Setting RADIUS server parameters
You can identify a RADIUS server and set other RADIUS parameters by entering a command such
as the following.
ServerIronADX(config)# radius-server host 209.157.22.99










