Administrator Guide
Fabric OS Administrator’s Guide 179
53-1002920-02
Remote authentication
6
RSA RADIUS server
Traditional password-based authentication methods are based on one-factor authentication, where
you confirm your identity using a memorized password. Two-factor authentication increases the
security by using a second factor to corroborate identification. The first factor is either a PIN or
password and the second factor is the RSA SecurID token.
RSA SecurID with an RSA RADIUS server is used for user authentication. The Brocade switch does
not communicate directly with the RSA Authentication Manager, so the RSA RADIUS server is used
in conjunction with the switch to facilitate communication.
To learn more about how RSA SecurID works, visit www.rsa.com for more information.
Setting up the RSA RADIUS server
For more information on how to install and configure the RSA Authentication Manager and the RSA
RADIUS server, refer to your documentation or visit www.rsa.com.
1. Create user records in the RSA Authentication Manager.
2. Configure the RSA Authentication Manager by adding an agent host.
3. Configure the RSA RADIUS server.
Setting up the RSA RADIUS server involves adding RADIUS clients, users, and vendor-specific
attributes to the RSA RADIUS server.
a. Add the following data to the vendor.ini file:
vendor-product = Brocade
dictionary = brocade
ignore-ports = no
port-number-usage = per-port-type
help-id = 2000
b. Create a brocade.dct file that must be added into the dictiona.dcm file located in the
following path:
C:\Program Files\RSA Security\RSA RADIUS\Service
Figure 11 on page 180 shows what the brocade.dct file should look like and Figure 12 on
page 180 shows what needs to be modified in the dictiona.dcm file.
NOTE
The dictionary files for the RSA RADIUS server must remain in the installation directory. Do
not move the files to other locations on your computer.
c. Add Brocade-VSA macro and define the attributes as follows:
• vid (Vendor-ID): 1588
• type1 (Vendor-Type): 1
• len1 (Vendor-Length): >=2