
164 FastIron Configuration Guide
53-1002494-02
RADIUS security
To specify different RADIUS servers for authentication, authorization, and accounting, enter
commands such as the following.
Brocade(config)#radius-server host 1.2.3.4 authentication-only key abc
Brocade(config)#radius-server host 1.2.3.5 authorization-only key def
Brocade(config)#radius-server host 1.2.3.6 accounting-only key ghi
Syntax: radius-server host <ip-addr> | <ipv6-addr> | <server-name> [auth-port <number>]
[acct-port <number>] [authentication-only | accounting-only | default] [key 0 | 1
<string>]
The default parameter causes the server to be used for all AAA functions.
After authentication takes place, the server that performed the authentication is used for
authorization and accounting. If the authenticating server cannot perform the requested function,
then the next server in the configured list of servers is tried; this process repeats until a server that
can perform the requested function is found, or every server in the configured list has been tried.
RADIUS server per port
You can optionally configure a RADIUS server per port, indicating that it will be used only to
authenticate users on ports to which it is mapped. A RADIUS server that is not explicitly configured
as a RADIUS server per port is a global server, and can be used to authenticate users on ports to
which no RADIUS servers are mapped.
RADIUS server per port configuration notes
This feature works with 802.1X and multi-device port authentication only.
You can define up to eight RADIUS servers per Brocade device.
RADIUS configuration example and command syntax
The following shows an example configuration.
Brocade(config)#radius-server host 10.10.10.103 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only
Brocade(config)#radius-server host 10.10.10.104 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only
Brocade(config)#radius-server host 10.10.10.105 auth-port 1812 acct-port 1813 default key mykeyword dot1x
Brocade(config)#radius-server host 10.10.10.106 auth-port 1812 acct-port 1813 default key mykeyword dot1x
The above configuration has the following effect:
RADIUS servers 10.10.10.103 and 10.10.10.104 will be used only to authenticate users on
ports to which the servers are mapped. To map a RADIUS server to a port, refer to “RADIUS
server to individual ports mapping” on page 165.
RADIUS servers 10.10.10.105 and 10.10.10.106 will be used to authenticate users on ports to
which no RADIUS servers are mapped. For example, port e 9, to which no RADIUS servers are
mapped, will send a RADIUS request to the first configured RADIUS server, 10.10.10.105. If
the request fails, it will go to the second configured RADIUS server, 10.10.10.106. It will not
send requests to 10.10.10.103 or 10.10.10.104, since these servers are configured as port
servers.
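
The selection order described above, modelled in Python as an added example (not Brocade code). The port-to-server mapping and the port name "e 3" are constructed, since the mapping command is not shown on this page, and a mapped port is assumed to try only its mapped servers.

```python
# Configuration from the example above, one command per line.
CONFIG = """\
radius-server host 10.10.10.103 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only
radius-server host 10.10.10.104 auth-port 1812 acct-port 1813 default key mykeyword dot1x port-only
radius-server host 10.10.10.105 auth-port 1812 acct-port 1813 default key mykeyword dot1x
radius-server host 10.10.10.106 auth-port 1812 acct-port 1813 default key mykeyword dot1x
"""

# Constructed mapping (assumption): port "e 3" is mapped to the two port servers.
PORT_MAP = {"e 3": ["10.10.10.103", "10.10.10.104"]}


def parse_servers(config):
    """Return [(host, port_only)] in configured order."""
    servers = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["radius-server", "host"]:
            continue
        servers.append((tokens[2], tokens[-2:] == ["dot1x", "port-only"]))
    return servers


def candidates(servers, port, port_map):
    """Ordered list of servers that a port will send RADIUS requests to."""
    mapped = port_map.get(port, [])
    if mapped:
        # Assumption: a mapped port tries only its mapped servers, in mapping order.
        return list(mapped)
    # Unmapped port: global servers only, in configured order.
    return [host for host, port_only in servers if not port_only]


def first_responder(servers, port, port_map, reachable):
    """Walk the candidate list and return the first reachable server, or None."""
    for host in candidates(servers, port, port_map):
        if host in reachable:
            return host
    return None


def unused_port_servers(servers, port_map):
    """Port-only servers mapped to no port: configured, but never consulted."""
    used = {host for hosts in port_map.values() for host in hosts}
    return [host for host, port_only in servers if port_only and host not in used]
```

Running `unused_port_servers` over a parsed configuration is a quick audit for port servers that were configured but never mapped.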