Brocade Communications Systems RFS6000 System Reference Manual page 143

11. Click Cancel to revert back to the last saved configuration and move back to the
Configuring an External Radius Server for Optimal Switch Support
The switch's external Radius Server should be configured with Brocade RF Switch specific
attributes to best utilize the user privilege values assignable by the Radius Server. The following
two values should be configured on the external Server for optimal use with the switch:
•
•
Configuring Brocade Specific Radius Server User Privilege Values
The following recommended Radius Server user privilege settings specify access privilege levels for
those accessing the switch managed network. To define user privilege values, assign the following
attributes in the external Radius Server:
1. Set the attribute number to 1 and its type as "integer."
2. Define the following possible decimal values for user access permissions:
3. Specify multiple privileges (for a single user) by specifying different attributes as needed. The
NOTE
If user privilege attributes are not defined for the Radius Server, users will be authenticated with a
default privilege role of 1 (Monitor read-only access).
Configuring the User Login Sources
The following recommended Radius Server user login sources specify the location
(ssh/telnet/console/Web) from which users are allowed switch access. If login access permissions
are not defined (restricted), users will be allowed to log in from each interface. To define login
source access locations:
1. Set the attribute number to 100 and its type as "integer."
2. Define the following possible decimal values for login sources:
Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
Network > Wireless LANs > Edit screen.
Brocade user privilege values
User login source
a. Set the Monitor Role value to 1 (read-only access to the switch).
b. Set the Helpdesk Role value to 2 (helpdesk/support access to the switch).
c. Set the Nwadmin Role value to 4 (wired and wireless access to the switch).
d. Set the Sysadmin Role value to 8 (system administrator access).
e. Set the WebAdmin Role value to 16 (guest user application access).
f. Set the Superuser Role value to 32768 (grants full read/write access to the switch).
privilege values can be ORed and specified once. For example, if a user needs monitor
(read-only) and helpdesk access, configure the Radius Server with two attributes. Once with a
value 1 for monitor access and then with a value 2 for the helpdesk role.
Multiple roles can also be defined by configuring the Radius Server with attribute 1 and value 3
(or monitor value 1 and helpdesk value 2).
a. Set the Console Access value to 128 (user is allowed login privileges only from console).
b. Set the Telnet Access value to 64 (user is allowed login privileges only from a Telnet
session).
4
131