Q-Logic SANBOX2-16 Manuel D’Utilisation
59022-11 A
3-1
Section 3
Managing Fabrics
This section describes the following tasks that manage fabrics:
3.1
RADIUS Servers
Remote Authentication Dial In User Service (RADIUS) provides a method to
centralize the management of authentication passwords in larger networks. It has
a client/server model, where the server is the password repository and third party
authentication point and the clients are all of the managed devices. RADIUS can
be configured for devices and/or user accounts. The RADIUS server dialogs are
available only on a secure fabric connection (SSL) and on the entry switch (out of
band switch). Refer to
centralize the management of authentication passwords in larger networks. It has
a client/server model, where the server is the password repository and third party
authentication point and the clients are all of the managed devices. RADIUS can
be configured for devices and/or user accounts. The RADIUS server dialogs are
available only on a secure fabric connection (SSL) and on the entry switch (out of
band switch). Refer to
and
for more information.
RADIUS is designed to authenticate users and devices using a
challenge/response protocol. Basic implementations consist of a central RADIUS
server containing a database of authorized users as well as authentication
information. A RADIUS client wishing to verify the authenticity of a user issues a
challenge to the user and collects the response to the challenge. This information
is forwarded to the RADIUS server for authentication and the server responds
with the results, either an accept or reject. The RADIUS client does not need to be
configured with any user authentication information, this all resides on the
RADIUS server and can be managed centrally and separately from the clients. In
addition, no passwords are exchanged between the RADIUS server and its
clients. Authentication of requests from a RADIUS client to the server and
responses from the server to a client can also be authenticated. This requires
sharing a secret between the server and client. The accounting RADIUS supports
the auditing of the users and switch services such as Telnet, FTP, and switch
management applications.
challenge/response protocol. Basic implementations consist of a central RADIUS
server containing a database of authorized users as well as authentication
information. A RADIUS client wishing to verify the authenticity of a user issues a
challenge to the user and collects the response to the challenge. This information
is forwarded to the RADIUS server for authentication and the server responds
with the results, either an accept or reject. The RADIUS client does not need to be
configured with any user authentication information, this all resides on the
RADIUS server and can be managed centrally and separately from the clients. In
addition, no passwords are exchanged between the RADIUS server and its
clients. Authentication of requests from a RADIUS client to the server and
responses from the server to a client can also be authenticated. This requires
sharing a secret between the server and client. The accounting RADIUS supports
the auditing of the users and switch services such as Telnet, FTP, and switch
management applications.