Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario

RADIUS security

Configuring RADIUS

Follow the procedure given below to configure a Brocade device for RADIUS.

1. Configure Brocade vendor-specific attributes on the RADIUS server. Refer to 

 on page 45.

2. Identify the RADIUS server to the Brocade device. Refer to 

 on page 47.

3. Optionally specify different servers for individual AAA functions. Refer to 

4. Optionally configure the RADIUS server as a “port only” server. Refer to 

 on page 48.

5. Optionally bind the RADIUS servers to ports on the Brocade device. Refer to 

 on page 49.

6. Set RADIUS parameters. Refer to 

7. Configure authentication-method lists. Refer to 

 on page 51.

8. Optionally configure RADIUS authorization. Refer to 

 on page 53.

9. Optionally configure RADIUS accounting. 

 on page 55.

Brocade-specific attributes on the RADIUS server

NOTE
For all Brocade devices, RADIUS Challenge is supported for 802.1x authentication but not for login 
authentication.

During the RADIUS authentication process, if a user supplies a valid username and password, the 
RADIUS server sends an Access-Accept packet to the Brocade device, authenticating the user. 
Within the Access-Accept packet are three Brocade vendor-specific attributes that indicate:

•

The privilege level of the user

•

A list of commands

•

Whether the user is allowed or denied usage of the commands in the list

You must add these three Brocade vendor-specific attributes to your RADIUS server configuration, 
and configure the attributes in the individual or group profiles of the users that will access the 
Brocade device. 

Brocade Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Brocade 
vendor-specific attributes.