Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
50
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
RADIUS security
RADIUS parameters
You can set the following parameters in a RADIUS configuration:
•
RADIUS key – This parameter specifies the value that the Brocade device sends to the RADIUS
server when trying to authenticate user access.
server when trying to authenticate user access.
•
Retransmit interval – This parameter specifies how many times the Brocade device will resend
an authentication request when the RADIUS server does not respond. The retransmit value
can be from 1 – 5 times. The default is 3 times.
an authentication request when the RADIUS server does not respond. The retransmit value
can be from 1 – 5 times. The default is 3 times.
•
Timeout – This parameter specifies how many seconds the Brocade device waits for a
response from a RADIUS server before either retrying the authentication request, or
determining that the RADIUS servers are unavailable and moving on to the next authentication
method in the authentication-method list. The timeout can be from 1 – 15 seconds. The
default is 3 seconds.
response from a RADIUS server before either retrying the authentication request, or
determining that the RADIUS servers are unavailable and moving on to the next authentication
method in the authentication-method list. The timeout can be from 1 – 15 seconds. The
default is 3 seconds.
Setting the RADIUS key
The key parameter in the radius-server command is used to encrypt RADIUS packets before they
are sent over the network. The value for the key parameter on the Brocade device should match the
one configured on the RADIUS server. The key can be from 1 – 32 characters in length and cannot
include any space characters.
are sent over the network. The value for the key parameter on the Brocade device should match the
one configured on the RADIUS server. The key can be from 1 – 32 characters in length and cannot
include any space characters.
To specify a RADIUS server key, enter a command such as the following.
Brocade(config)# radius-server key mirabeau
Syntax: radius-server key [0 | 1] string
When you display the configuration of the Brocade device, the RADIUS key is encrypted.
Example
Brocade(config)# radius-server key 1 abc
Brocade(config)# write terminal
...
radius-server host 10.2.3.5
radius key 1 $!2d
Brocade(config)# write terminal
...
radius-server host 10.2.3.5
radius key 1 $!2d
NOTE
Encryption of the RADIUS keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.
parameter is not required; it is provided for backwards compatibility.
Setting the retransmission limit
The retransmit parameter specifies the maximum number of retransmission attempts. When an
authentication request times out, the Brocade software will retransmit the request up to the
maximum number of retransmissions configured. The default retransmit value is 3 retries. The
range of retransmit values is from 1 – 5.
authentication request times out, the Brocade software will retransmit the request up to the
maximum number of retransmissions configured. The default retransmit value is 3 retries. The
range of retransmit values is from 1 – 5.
To set the RADIUS retransmit limit, enter a command such as the following.
Brocade(config)# radius-server retransmit 5
Syntax: radius-server retransmit number