Configuration Guide Manual

Brocade TurboIron 24X Series Configuration Guide
53-1003053-01
The following table describes the TACACS/TACACS+ information displayed by the show aaa
command.
Configuring RADIUS security
You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the Layer 2 Switch or Layer 3 Switch:
Telnet access
SSH access
Access to the Privileged EXEC level and CONFIG levels of the CLI
NOTE
Devices do not support RADIUS security for SNMP (Brocade Network Advisor) access.
RADIUS authentication, authorization, and accounting
When RADIUS authentication is implemented, the device consults a RADIUS server to verify user
names and passwords. You can optionally configure RADIUS authorization, in which the device
consults a list of commands supplied by the RADIUS server to determine whether a user can
execute a command he or she has entered, as well as accounting, which causes the device to log
information on a RADIUS accounting server when specified events occur on the device.
RADIUS authentication
When RADIUS authentication takes place, the following events occur.
TABLE 22 Output of the show aaa command for TACACS/TACACS+

Field               Description
Tacacs+ key         The setting configured with the tacacs-server key command. At the
                    Super User privilege level, the actual text of the key is displayed.
                    At the other privilege levels, a string of periods (....) is
                    displayed instead of the text.
Tacacs+ retries     The setting configured with the tacacs-server retransmit command.
Tacacs+ timeout     The setting configured with the tacacs-server timeout command.
Tacacs+ dead-time   The setting configured with the tacacs-server dead-time command.
Tacacs+ Server      For each TACACS/TACACS+ server, the IP address, port, and the
                    following statistics are displayed:
                      opens - Number of times the port was opened for communication
                              with the server
                      closes - Number of times the port was closed normally
                      timeouts - Number of times port was closed due to a timeout
                      errors - Number of times an error occurred while opening the port
                      packets in - Number of packets received from the server
                      packets out - Number of packets sent to the server
connection          The current connection status. This can be “no connection” or
                    “connection active”.
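
Because Table 22 notes that the key is shown in clear text at the Super User level, captured show aaa output is worth masking before it is stored in tickets or logs, and the per-server counters can be checked for servers that are failing. The Python below is an added example, not Brocade code: the line layout of the sample capture, the function names, and the 25% timeout threshold are assumptions; only the field names come from Table 22.

```python
import re
# Constructed capture: the line layout is an assumption; only the field names come from Table 22.
SAMPLE = """\
Tacacs+ key: s3cretKey
Tacacs+ Server: 192.0.2.10 Port:49:
    opens=12 closes=4 timeouts=8 errors=0
    packets in=9 packets out=21
    no connection
Tacacs+ Server: 192.0.2.11 Port:49:
    opens=5 closes=5 timeouts=0 errors=0
    packets in=10 packets out=10
    connection active
"""
KEY_RE = re.compile(r"^(\s*Tacacs\+ key\s*:?\s*)(\S.*)$", re.I)
SERVER_RE = re.compile(r"Tacacs\+ Server\s*:?\s*(\d+\.\d+\.\d+\.\d+)", re.I)
COUNTER_RE = re.compile(r"(opens|closes|timeouts|errors|packets in|packets out)\s*[=:]\s*(\d+)")

def redact_key(text):
    # Mask a cleartext key (Super User view); a string of periods is already masked.
    out = []
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m and set(m.group(2).strip()) != {"."}:
            line = m.group(1) + "<redacted>"
        out.append(line)
    return "\n".join(out)

def parse_servers(text):
    # One dict per "Tacacs+ Server" block, with its counters and connection status.
    servers, cur = [], None
    for line in text.splitlines():
        m = SERVER_RE.search(line)
        if m:
            cur = {"ip": m.group(1), "connection": None}
            servers.append(cur)
        elif cur is not None:
            cur.update((k, int(v)) for k, v in COUNTER_RE.findall(line))
            if line.strip().lower() in ("no connection", "connection active"):
                cur["connection"] = line.strip().lower()
    return servers

def unhealthy(servers, max_timeout_ratio=0.25):
    # Flag open errors or a high timeout share (the threshold is an assumption).
    return [s["ip"] for s in servers if s.get("errors", 0) > 0
            or s.get("timeouts", 0) > max_timeout_ratio * s.get("opens", 0)]
```

A server that appears in the unhealthy list is one the device may be unable to consult when a login is attempted.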