Technical data

ServerIron ADX Administration Guide ix
53-1002434-01
Restricting remote access to management functions ... 92
Using ACLs to restrict remote access ... 93
Restricting remote access to the device to specific IP addresses ... 95
Restricting remote access to the device to specific VLAN IDs ... 96
Designated VLAN for Telnet management sessions to a Layer 2 Switch ... 97
Disabling specific access methods ... 98
Setting passwords ... 99
Setting a Telnet password ... 100
Setting passwords for management privilege levels ... 100
Recovering from a lost password ... 102
Displaying the SNMP community string ... 103
Disabling password encryption ... 104
Specifying a minimum password length ... 104
Setting up local user accounts ... 104
Configuring a local user account ... 105
Configuring TACACS or TACACS+ security ... 106
How TACACS+ differs from TACACS ... 106
TACACS or TACACS+ authentication, authorization, and accounting ... 107
TACACS or TACACS+ configuration considerations ... 110
Identifying the TACACS or TACACS+ servers ... 111
Specifying different servers for individual AAA functions ... 112
Setting optional TACACS or TACACS+ parameters ... 112
Configuring authentication-method lists for TACACS or TACACS+ ... 114
Configuring TACACS+ authorization ... 116
Configuring TACACS+ accounting ... 119
Configuring an interface as the source for all TACACS or TACACS+ packets ... 120
Displaying TACACS or TACACS+ statistics and configuration information ... 121
Configuring RADIUS security ... 122
RADIUS authentication, authorization, and accounting ... 122
RADIUS NAS-Identifier ... 125
RADIUS configuration considerations ... 125
RADIUS configuration procedure ... 126
Configuring Brocade-specific attributes on the RADIUS server ... 126
Identifying the RADIUS server to the ServerIron ... 127
Specifying different servers for individual AAA functions ... 128
Setting RADIUS parameters ... 128
Configuring authentication-method lists for RADIUS ... 129
Configuring RADIUS authorization ... 131
Configuring RADIUS accounting ... 133
Configuring an interface as the source for all RADIUS packets ... 134
Displaying RADIUS configuration information ... 135
Configuring authentication-method lists ... 136
Configuration considerations for authentication-method lists ... 137
Examples of authentication-method lists ... 138