Deployment Guide

NOTE
To recover lost passwords, refer to the Fabric OS Troubleshooting and Diagnostics Guide.
Remote authentication
Fabric OS supports user authentication through the local user database or one of the following
external authentication services:
Remote authentication dial-in user service (RADIUS)
Lightweight Directory Access Protocol (LDAP) using Microsoft Active Directory in Windows or OpenLDAP in Linux
Terminal Access Controller Access-Control System Plus (TACACS+)
Remote authentication configuration
A switch can be configured to try one of the supported remote authentication services (RADIUS,
LDAP, or TACACS+) and local switch authentication. The switch can also be configured to use only a
remote authentication service, or only local switch authentication.
Client/server model
When configured to use one of the supported remote authentication services, the switch acts as a
Network Access Server (NAS) and RADIUS, LDAP, or TACACS+ client. The switch sends all
authentication, authorization, and accounting (AAA) service requests to the authentication server. The
authentication server receives the request, validates the request, and sends its response back to the
switch.
The supported management access channels that integrate with RADIUS, LDAP, and TACACS+
include serial port, Telnet, SSH, Web Tools, and API. All these access channels require the switch IP
address or name to connect. RADIUS, LDAP, and TACACS+ servers accept both IPv4 and IPv6
address formats. For accessing both the active and standby CP blades, and for the purpose of HA
failover, both CP IP addresses of a Backbone should be included in the authentication server
configuration.
NOTE
For systems such as the Brocade DCX Backbone, the switch IP addresses are aliases of the physical
Ethernet interfaces on the CP blades. When specifying client IP addresses for the logical switches in
such systems, make sure that the CP IP addresses are used.
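The client/server exchange described above, as an added example that is not from the guide or from Brocade's own code: the switch's side builds an RFC 2865 Access-Request (User-Name, hidden User-Password, NAS-IP-Address) and the server's side shows why a request from a CP address missing from the client list gets no answer at all. The shared secret, the two CP addresses and the user table are constructed sample values.

```python
import hashlib
import os
import socket
import struct

# Constructed sample values (not from the guide): shared secret, both CP-blade addresses, user table.
SHARED_SECRET = b"example-shared-secret"
REGISTERED_CLIENTS = {"10.0.0.10", "10.0.0.11"}   # active and standby CP of the Backbone
USER_DB = {"admin": b"Sw1tchPass"}
ACCESS_REQUEST, USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 1, 2, 4


def hide_password(password, secret, authenticator):
    # RFC 2865 User-Password hiding: XOR 16-octet blocks with MD5(secret + previous block), seeded by the authenticator.
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    # Server-side inverse; only the holder of the same shared secret recovers the password.
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value   # type, length, value


def build_access_request(user, password, nas_ip, secret, identifier=1, authenticator=None):
    # What the switch (NAS) sends: code, identifier, length, 16-octet request authenticator, then attributes.
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(USER_NAME, user.encode())
             + attribute(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def server_decision(packet, source_ip, clients=REGISTERED_CLIENTS, secret=SHARED_SECRET, users=USER_DB):
    # An address that is not a configured client gets no reply, so the switch only sees a timeout.
    if source_ip not in clients:
        return "no response (unknown client)"
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:                        # walk the type/length/value list
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    revealed = reveal_password(attrs[USER_PASSWORD], secret, authenticator)
    return "Access-Accept" if users.get(attrs[USER_NAME].decode()) == revealed else "Access-Reject"
```

Running the same request once from each CP address and once from an address outside the client list shows the difference between a rejected login and a request that is never answered.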
Authentication server data
When configured for remote authentication, a switch becomes a RADIUS, LDAP, or TACACS+ client.
In any of these configurations, authentication records are stored in the authentication host server
database. Login and logout account name, assigned permissions, and time-accounting records are
also stored on the authentication server for each user.
148 Fabric OS Administrators Guide
53-1003130-01