Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
RADIUS security
Setting the timeout parameter
The timeout parameter specifies how many seconds the Brocade device waits for a response from 
the RADIUS server before either retrying the authentication request, or determining that the 
RADIUS server is unavailable and moving on to the next authentication method in the 
authentication-method list. The timeout can be from 1 to 15 seconds. The default is 3 seconds.
Brocade(config)# radius-server timeout 5
Syntax: radius-server timeout number
Setting RADIUS over IPv6
Brocade devices support the ability to send RADIUS packets over an IPv6 network.
To enable the Brocade device to send RADIUS packets over IPv6, enter a command such as the 
following at the Global CONFIG level of the CLI.
Brocade(config)# radius-server host ipv6 3000::300
Syntax: radius-server host ipv6 ipv6-host address
The ipv6-host address is the IPv6 address of the RADIUS server. When you enter the IPv6 host 
address, you do not need to specify the prefix length. A prefix length of 128 is implied.
Setting authentication-method lists for RADIUS
You can use RADIUS to authenticate Telnet/SSH access and access to Privileged EXEC level and 
CONFIG levels of the CLI. When configuring RADIUS authentication, you create 
authentication-method lists specifically for these access methods, specifying RADIUS as the 
primary authentication method.
Within the authentication-method list, RADIUS is specified as the primary authentication method 
and up to six backup authentication methods are specified as alternates. If RADIUS authentication 
fails due to an error, the device tries the backup authentication methods in the order they appear in 
the list.
When you configure authentication-method lists for RADIUS, you must create a separate 
authentication-method list for Telnet or SSH CLI access and for CLI access to the Privileged EXEC 
level and CONFIG levels of the CLI.
To create an authentication-method list that specifies RADIUS as the primary authentication 
method for securing Telnet access to the CLI, enter the following commands.
Brocade(config)# enable telnet authentication
Brocade(config)# aaa authentication login default radius local
The commands above cause RADIUS to be the primary authentication method for securing Telnet 
access to the CLI. If RADIUS authentication fails due to an error with the server, local authentication 
is used instead.
To create an authentication-method list that specifies RADIUS as the primary authentication 
method for securing access to Privileged EXEC level and CONFIG levels of the CLI, enter the 
following command.
Brocade(config)# aaa authentication enable default radius local none
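The following is an added example, not part of the Brocade guide: a small Python audit that reads a saved configuration and checks the settings this section describes (timeout range, IPv6 server address, separate login and enable lists, RADIUS as primary, at most six backups). It also flags a trailing "none" method, which performs no authentication once the earlier methods fail with an error. The sample configuration, the finding texts and the treatment of "enable telnet authentication" as required alongside a login list are assumptions made for illustration.

```python
import ipaddress

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
radius-server host ipv6 3000::300
radius-server timeout 20
enable telnet authentication
aaa authentication login default radius local
aaa authentication enable default radius local none
"""

MAX_BACKUPS = 6  # the guide allows up to six backup methods after RADIUS


def audit(config):
    """Return findings for the RADIUS settings this section describes."""
    findings, lists, telnet_auth = [], {}, False
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["radius-server", "timeout"] and len(tok) == 3:
            # Valid range is 1 to 15 seconds (default 3).
            if not tok[2].isdigit() or not 1 <= int(tok[2]) <= 15:
                findings.append(f"timeout {tok[2]} outside 1-15 seconds")
        elif tok[:3] == ["radius-server", "host", "ipv6"] and len(tok) >= 4:
            try:
                ipaddress.IPv6Address(tok[3])  # rejects a prefix length too
            except ValueError:
                findings.append(f"{tok[3]} is not a plain IPv6 address")
        elif tok == ["enable", "telnet", "authentication"]:
            telnet_auth = True
        elif tok[:2] == ["aaa", "authentication"] and tok[3:4] == ["default"]:
            lists[tok[2]] = tok[4:]
    # Login (Telnet/SSH) and enable (Privileged EXEC/CONFIG) need separate lists.
    for access in ("login", "enable"):
        methods = lists.get(access)
        if not methods:
            findings.append(f"{access}: no authentication-method list")
            continue
        if methods[0] != "radius":
            findings.append(f"{access}: radius is not the primary method")
        if len(methods) - 1 > MAX_BACKUPS:
            findings.append(f"{access}: more than {MAX_BACKUPS} backup methods")
        if "none" in methods:
            findings.append(f"{access}: 'none' grants access unauthenticated")
    if "login" in lists and not telnet_auth:
        findings.append("login: 'enable telnet authentication' is missing")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the out-of-range timeout and the "none" fallback on the enable list.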