Configuration Guide User guide

FastIron Configuration Guide vii
53-1002494-02
TACACS and TACACS+ security ... 139
  How TACACS+ differs from TACACS ... 139
  TACACS/TACACS+ authentication, authorization, and accounting ... 139
  TACACS authentication ... 142
  TACACS/TACACS+ configuration considerations ... 145
  Enabling TACACS ... 146
  Identifying the TACACS/TACACS+ servers ... 146
  Specifying different servers for individual AAA functions ... 147
  Setting optional TACACS and TACACS+ parameters ... 147
  Configuring authentication-method lists for TACACS and TACACS+ ... 149
  Configuring TACACS+ authorization ... 151
  TACACS+ accounting configuration ... 154
  Configuring an interface as the source for all TACACS and TACACS+ packets ... 155
  Displaying TACACS/TACACS+ statistics and configuration information ... 156
RADIUS security ... 157
  RADIUS authentication, authorization, and accounting ... 157
  RADIUS configuration considerations ... 160
  Configuring RADIUS ... 161
  Brocade-specific attributes on the RADIUS server ... 161
  Enabling SNMP to configure RADIUS ... 163
  Identifying the RADIUS server to the Brocade device ... 163
  Specifying different servers for individual AAA functions ... 163
  RADIUS server per port ... 164
  RADIUS server to individual ports mapping ... 165
  RADIUS parameters ... 166
  Setting authentication-method lists for RADIUS ... 167
  RADIUS authorization ... 169
  RADIUS accounting ... 171
  Configuring an interface as the source for all RADIUS packets ... 172
  Displaying RADIUS configuration information ... 172
Authentication-method lists ... 174
  Configuration considerations for authentication-method lists ... 175
  Examples of authentication-method lists ... 175
TCP Flags - edge port security ... 177
  Using TCP Flags in combination with other ACL features ... 178

Chapter 5 SSH2 and SCP
SSH version 2 overview ... 179
  Tested SSH2 clients ... 180
  SSH2 supported features ... 180
  SSH2 unsupported features ... 180