IBM 12.1(22)EA6 사용자 설명서
5-19
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 5 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
Configuring RADIUS
This section describes how to configure your switch to support RADIUS. At a minimum, you must
identify the host or hosts that run the RADIUS server software and define the method lists for RADIUS
authentication. You can optionally define method lists for RADIUS authorization and accounting.
identify the host or hosts that run the RADIUS server software and define the method lists for RADIUS
authentication. You can optionally define method lists for RADIUS authorization and accounting.
A method list defines the sequence and methods to be used to authenticate, to authorize, or to keep
accounts on a user. You can use method lists to designate one or more security protocols to be used (such
as TACACS+ or local username lookup), thus ensuring a backup system if the initial method fails. The
software uses the first method listed to authenticate, to authorize, or to keep accounts on users; if that
method does not respond, the software selects the next method in the list. This process continues until
there is successful communication with a listed method or the method list is exhausted.
accounts on a user. You can use method lists to designate one or more security protocols to be used (such
as TACACS+ or local username lookup), thus ensuring a backup system if the initial method fails. The
software uses the first method listed to authenticate, to authorize, or to keep accounts on users; if that
method does not respond, the software selects the next method in the list. This process continues until
there is successful communication with a listed method or the method list is exhausted.
You should have access to and should configure a RADIUS server before configuring RADIUS features
on your switch.
on your switch.
This section contains this configuration information:
•
•
(required)
•
(required)
•
(optional)
•
(optional)
•
(optional)
•
(optional)
•
(optional)
•
(optional)
Default RADIUS Configuration
RADIUS and AAA are disabled by default.
To prevent a lapse in security, you cannot configure RADIUS through a network management
application. When enabled, RADIUS can authenticate users accessing the switch through the CLI.
application. When enabled, RADIUS can authenticate users accessing the switch through the CLI.
Identifying the RADIUS Server Host
Switch-to-RADIUS-server communication involves several components:
•
Host name or IP address
•
Authentication destination port
•
Accounting destination port
•
Key string
•
Timeout period
•
Retransmission value