Deployment Guide

TABLE 25 Syntax for VSA-based account roles (Continued)

Item                     Value          Description
-----------------------  -------------  ------------------------------------------------------
Vendor ID                1588           4 octet, Brocade SMI Private Enterprise Code
Vendor type              1              1 octet, Brocade-Auth-Role; valid attributes for the
                                        Brocade-Auth-Role are:
                                          Admin
                                          BasicSwitchAdmin
                                          FabricAdmin
                                          Operator
                                          SecurityAdmin
                                          SwitchAdmin
                                          User
                                          ZoneAdmin
                         2              Brocade-AVPairs1. Optional: Specifies the Admin Domain
                                        or Virtual Fabric member list. For more information on
                                        Admin Domains or Virtual Fabrics, refer to RADIUS
                                        configuration with Admin Domains or Virtual Fabrics on
                                        page 154.
                         3              Brocade-AVPairs2
                         4              Brocade-AVPairs3
                         5              Brocade-AVPairs4
                         6              Brocade Password ExpiryDate
                         7              Brocade Password ExpiryWarning
Vendor length            2 or higher    1 octet, calculated by server, including vendor-type
                                        and vendor-length
Attribute-specific data  ASCII string   Multiple octet, maximum 253, indicating the name of the
                                        assigned role and other supported attribute values such
                                        as Admin Domain member list.

Fabric OS users on the RADIUS server

All existing Fabric OS mechanisms for managing local-switch user accounts and passwords remain
functional when the switch is configured to use RADIUS. Changes made to the local switch database
do not propagate to the RADIUS server, nor do the changes affect any account on the RADIUS
server.

Windows 2000 IAS

To configure a Windows 2000 Internet Authentication Service (IAS) server to use a VSA to pass the
admin role to the switch, set the following in the dial-in profile: the vendor code (1588), the
vendor-assigned attribute number (1), and the attribute value (admin), as shown in the following figure.
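
The following is an added example, not taken from the Brocade guide: it builds and validates the on-the-wire bytes of the VSA described above (vendor code 1588, attribute number 1, value admin), so that a captured Access-Accept can be checked against the table. The outer attribute type 26 comes from RFC 2865; the function names and the one-sub-attribute-per-VSA layout are assumptions of this example.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS Vendor-Specific attribute type (RFC 2865)
BROCADE_PEN = 1588     # Vendor ID from the table
VENDOR_TYPES = {       # vendor type -> name, as listed in the table
    1: "Brocade-Auth-Role", 2: "Brocade-AVPairs1", 3: "Brocade-AVPairs2",
    4: "Brocade-AVPairs3", 5: "Brocade-AVPairs4",
    6: "Brocade Password ExpiryDate", 7: "Brocade Password ExpiryWarning",
}

def encode_vsa(vendor_type: int, value: str) -> bytes:
    """Build one Vendor-Specific attribute carrying a single Brocade sub-attribute."""
    if vendor_type not in VENDOR_TYPES:
        raise ValueError(f"unknown Brocade vendor type {vendor_type}")
    data = value.encode("ascii")       # attribute-specific data is an ASCII string
    vendor_len = 2 + len(data)         # includes the vendor-type and vendor-length octets
    total_len = 6 + vendor_len         # type + length + 4-octet vendor ID precede it
    if total_len > 255:                # the outer length field is a single octet
        raise ValueError("value too long for a single RADIUS attribute")
    return struct.pack("!BBIBB", VENDOR_SPECIFIC, total_len, BROCADE_PEN,
                       vendor_type, vendor_len) + data

def decode_vsa(attr: bytes) -> tuple[str, str]:
    """Validate one Vendor-Specific attribute; return (sub-attribute name, value)."""
    if len(attr) < 8:
        raise ValueError("truncated attribute")
    a_type, a_len, vendor_id, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if a_type != VENDOR_SPECIFIC or a_len != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    if vendor_id != BROCADE_PEN:
        raise ValueError(f"vendor ID {vendor_id} is not Brocade (1588)")
    if v_len != a_len - 6:             # assumption: exactly one sub-attribute per VSA
        raise ValueError("vendor length does not match attribute length")
    if v_type not in VENDOR_TYPES:
        raise ValueError(f"unknown Brocade vendor type {v_type}")
    return VENDOR_TYPES[v_type], attr[8:].decode("ascii")

# Constructed sample: the IAS setting above (vendor 1588, attribute 1, value "admin").
ADMIN_VSA = encode_vsa(1, "admin")

if __name__ == "__main__":
    print(ADMIN_VSA.hex())
    print(decode_vsa(ADMIN_VSA))
```
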
152 Fabric OS Administrators Guide
53-1003130-01