Blade ICE G8124-E Manual De Usuario

BMD00220, October 2010

C

HAPTER

4

Secure switch management is needed for environments that perform significant management 
functions across the Internet. The following are some of the functions for secured IPv4 management 
and device access:

BLADEOS 6.5 does not support IPv6 for RADIUS, TACACS+ or LDAP.

BLADEOS supports the RADIUS (Remote Authentication Dial-in User Service) method 

to 

authenticate and authorize remote administrators for managing the switch. This method is based on 
a client/server model. The Remote Access Server (RAS)—the switch—is a client to the back-end 
database server. A remote user (the remote administrator) interacts only with the RAS, not the 
back-end server and database. 

RADIUS authentication consists of the following components:

A protocol with a frame format that utilizes UDP over IP (based on RFC 2138 and 2866)

A centralized server that stores all the user authorization information

A client: in this case, the switch

The G8124—acting as the RADIUS client—communicates to the RADIUS server to authenticate 
and authorize a remote administrator using the protocol definitions specified in RFC 2138 and 
2866. Transactions between the client and the RADIUS server are authenticated using a shared key 
that is not sent over the network. In addition, the remote administrator passwords are sent encrypted 
between the RADIUS client (the switch) and the back-end RADIUS server.