Fabric OS Administrator's Guide (53-1002920-02)
Appendix B: FIPS mode configuration
Setting up LDAP for FIPS mode
1. Log in to the switch using an account with admin or securityadmin permissions, or an account
with OM permissions for the RADIUS and switch configuration RBAC classes of commands.
2. Enter the dnsConfig command to configure the DNS on the switch.
Example of setting the DNS
switch:admin> dnsconfig
Enter option
1 Display Domain Name Service (DNS) configuration
2 Set DNS configuration
3 Remove DNS configuration
4 Quit
Select an item: (1..4) [4] 2
Enter Domain Name: [] domain.com
Enter Name Server IP address in dot notation: [] 123.123.123.123
Enter Name Server IP address in dot notation: [] 123.123.123.124
DNS parameters saved successfully
Enter option
1 Display Domain Name Service (DNS) configuration
2 Set DNS configuration
3 Remove DNS configuration
4 Quit
Select an item: (1..4) [4] 4
The name server address can be IPv4 or IPv6. The switch needs it because its LDAP client opens a TCP session to the Microsoft Active Directory server by host name and must resolve that name to an IP address first. The host name you configure for the server must be its Fully Qualified Domain Name (FQDN): the LDAP client validates the server's identity by comparing the name it connected to with the Common Name (CN) in the server certificate, and a short host name or a bare IP address will not match that CN.
3. Set the switch authentication mode and add your LDAP server by using the commands shown
in the following example. Provide the Fully Qualified Domain Name (FQDN) of the Microsoft
Active Directory server for the host name parameter while configuring LDAP.
Example of setting up LDAP for FIPS mode
switch:admin> aaaconfig --add GEOFF5.ADLDAP.LOCAL -conf ldap -d adldap.local -p 389 -t 3
switch:admin> aaaconfig --authspec "ldap;local"
switch:admin> aaaconfig --show
RADIUS CONFIGURATIONS
=====================
RADIUS configuration does not exist.
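The steps above depend on three things the switch's LDAP client must be able to do from the configured name server and host name: resolve the FQDN, negotiate TLS with the Active Directory server, and validate the server certificate against a CA certificate and the FQDN. The script below is an added pre-flight check for those conditions run from an administrator's workstation; it is not Fabric OS code and does not come from the guide. It assumes the server accepts the StartTLS extended operation on the port used in the example (389), that the CA certificate is available as a PEM file on the workstation, and it reuses the example's server name only as an illustration. The BER encoder, the ExtendedResponse parser and the host-name matcher are offline and testable; only check_ldap_server() touches the network.

```python
"""Pre-flight check for an LDAP server reached over StartTLS, mirroring what the
switch's LDAP client must do: resolve the FQDN, open TCP, negotiate TLS, and
validate the certificate chain and host name. Hypothetical helper, not Fabric OS code."""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS extended operation


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }.
    message_id is assumed to be 1..127 so the INTEGER fits in one octet."""
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))        # 0x77 = [APPLICATION 23]
    msg_id = _tlv(0x02, message_id.to_bytes(1, "big"))    # INTEGER messageID
    return _tlv(0x30, msg_id + ext_req)                   # SEQUENCE


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data: bytes) -> tuple:
    """Return (resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(msg, 0)                 # skip messageID
    tag, resp, _ = _read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, code, pos = _read_tlv(resp, 0)             # ENUMERATED resultCode
    _, _, pos = _read_tlv(resp, pos)              # matchedDN (ignored)
    _, diag, _ = _read_tlv(resp, pos)             # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def hostname_matches(cert: dict, fqdn: str) -> bool:
    """Match fqdn against SAN dNSName entries (one leftmost wildcard label allowed).
    Fall back to the subject CN only when no dNSName SAN exists; that is the
    CN comparison the guide describes. cert is the dict ssl's getpeercert() returns."""
    host = fqdn.lower().rstrip(".")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v.lower() for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    for name in names:
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def check_ldap_server(fqdn: str, cafile: str, port: int = 389, timeout: float = 3.0) -> dict:
    """Resolve, connect, StartTLS, then verify chain and host name.
    The returned dict has ok=False plus a 'reason' for each failure case."""
    report = {"fqdn": fqdn, "ok": False}
    try:   # the name server from step 2 must be able to answer this
        addr = socket.getaddrinfo(fqdn, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as e:
        report["reason"] = f"DNS resolution failed: {e}"
        return report
    report["address"] = addr[0]
    ctx = ssl.create_default_context(cafile=cafile)   # trust only this CA, like the switch's store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection(addr[:2], timeout=timeout) as raw:
            raw.sendall(build_starttls_request())
            code, diag = parse_extended_response(raw.recv(4096))
            if code != 0:
                report["reason"] = f"StartTLS refused: resultCode={code} {diag}"
                return report
            with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
                report.update(tls_version=tls.version(), cipher=tls.cipher()[0],
                              subject=dict(x[0] for x in cert["subject"]),
                              ok=hostname_matches(cert, fqdn))
                if not report["ok"]:
                    report["reason"] = "certificate name does not match FQDN"
    except ssl.SSLCertVerificationError as e:     # CA certificate missing or wrong
        report["reason"] = f"chain validation failed: {e}"
    except (OSError, ValueError) as e:
        report["reason"] = f"connection or StartTLS failed: {e}"
    return report


if __name__ == "__main__":
    import sys
    print(check_ldap_server(sys.argv[1], sys.argv[2]))   # e.g. GEOFF5.ADLDAP.LOCAL ca.pem
```

Run it with the same FQDN you pass to aaaconfig --add and the CA certificate you intend to import on the switch. A DNS failure points at step 2, a chain-validation failure at a missing or wrong CA certificate (the case the table below says makes authentication fail in FIPS mode), and a name mismatch at a short name or IP address used where the FQDN is required.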

TABLE 97 FIPS and non-FIPS modes of operation (Continued)

FIPS mode:
The switch uses FIPS-compliant ciphers regardless of the Microsoft Active Directory server configuration. If the Microsoft Active Directory server is not configured for FIPS ciphers, authentication will still succeed.
The Microsoft Active Directory server certificate is validated by the LDAP client. If the CA certificate is not present on the switch, then user authentication will fail.

non-FIPS mode:
The Microsoft Active Directory server certificate is validated if the CA certificate is found on the switch.
If the Microsoft Active Directory server is configured for FIPS ciphers and the switch is in non-FIPS mode, then user authentication will succeed.