Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
221222223224225226227228229230
FastIron Configuration Guide 165
53-1002494-02
RADIUS security
Syntax: radius-server host <ip-addr> | <server-name> [auth-port <number>] [acct-port
<number>] [default key <string> dot1x] [port-only]
The host <ip-addr> is the IPv4 address.
The auth-port <number> parameter is the Authentication port number; it is an optional parameter.
The default is 1645.
The acct-port <number> parameter is the Accounting port number; it is an optional parameter. The
default is 1646.
The default key <string> dot1x parameter indicates that this RADIUS server supports the 802.1X
standard. A RADIUS server that supports the 802.1X standard can also be used to authenticate
non-802.1X authentication requests.
The port-only parameter is optional and specifies that the server will be used only to authenticate
users on ports to which it is mapped.
RADIUS server to individual ports mapping
You can map up to eight RADIUS servers to each port on the Brocade device. The port will
authenticate users using only the RADIUS servers to which the port is mapped. If there are no
RADIUS servers mapped to a port, it will use the “global” servers for authentication.
As in previous releases, a port goes through the list of servers in the order in which it was mapped
or configured, until a server that can perform the requested function is found, or until every server
in the list has been tried.
RADIUS server-to-ports configuration notes
This feature works with 802.1X and multic-device port authentication only.
You can map a RADIUS server to a physical port only. You cannot map a RADIUS server to a VE.
RADIUS server-to-ports configuration example and command syntax
To map a RADIUS server to a port, enter commands such as the following.
Brocade(config)#int e 3
Brocade(config-if-e1000-3)#dot1x port-control auto
Brocade(config-if-e1000-3)#use-radius-server 10.10.10.103
Brocade(config-if-e1000-3)#use-radius-server 10.10.10.110
With the above configuration, port e 3 would send a RADIUS request to 10.10.10.103 first, since it
is the first server mapped to the port. If it fails, it will go to 10.10.10.110.
Syntax: use-radius-server <ip-addr>
The host <ip-addr> is an IPv4 address.