Configuring the RADIUS server
To connect to a switch, you must know its IP address (in either IPv4 or IPv6 notation) or its name. Use
the ipAddrShow command to display a switch IP address.
For Directors (chassis-based systems), the switch IP addresses are aliases of the physical Ethernet interfaces
on the CP blades. When specifying client IP addresses for the logical switches in such systems, make sure
the CP blade IP addresses are used. For accessing both the active and standby CP blade, and for the
purpose of HA failover, both of the CP blade IP addresses should be included in the RADIUS server
User accounts should be set up by their true network-wide identity, rather than by the account names
created on a Fabric OS switch. Along with each account name, the administrator should assign
appropriate switch access roles. To manage a fabric, these roles can be User, Admin, and SecurityAdmin.
When they log in to a switch configured with RADIUS, users enter their assigned RADIUS account names
and passwords at the prompt. After the RADIUS server authenticates a user, it responds with the assigned
switch role in a Brocade Vendor-Specific Attribute (VSA), as defined in the RFC. An Authentication-Accept
response without such a VSA role assignment automatically assigns the user role.
The following sections describe how to configure a RADIUS server to support clients under different
The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a freeware
RADIUS server that you can find at the following website:
Follow the installation instructions at the website. FreeRADIUS runs on Linux (all versions), FreeBSD,
NetBSD, and Solaris. If you make a change to any of the files used in this configuration, you must stop the
server and restart it for the changes to take effect.
FreeRADIUS installation places the configuration files in $PREFIX/etc/raddb. By default, the PREFIX is
Configuring RADIUS service on Linux consists of the following tasks:
Adding the Brocade attribute to the server
Creating the user
To add the Brocade attribute to the server:
Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:
# Brocade FabricOS 5.0.1 dictionary
VENDOR Brocade 1588
# attribute 1 defined to be Brocade-Auth-Role
# string defined in user configuration
ATTRIBUTE Brocade-Auth-Role 1 string Brocade
This defines the Brocade vendor ID as 1588, the Brocade attribute 1 as Brocade-Auth-Role, and it is a
Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:
As a result, the file dictionary.brocade is located in the RADIUS configuration directory and loaded for
use by the RADIUS server.
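The role assignment and the dictionary entry described above, worked as an added Python example (not part of the original guide, and not Brocade or FreeRADIUS code): it encodes and decodes the RADIUS Vendor-Specific attribute (type 26) for vendor ID 1588, attribute 1, and falls back to the user role when no such VSA is present. The function names and the sample attribute lists are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26        # RADIUS Vendor-Specific attribute type
BROCADE_VENDOR_ID = 1588    # vendor ID from dictionary.brocade
BROCADE_AUTH_ROLE = 1       # Brocade attribute 1 = Brocade-Auth-Role (string)
DEFAULT_ROLE = "user"       # role assigned when the accept carries no role VSA


def encode_role_vsa(role):
    """Build the Vendor-Specific attribute that carries Brocade-Auth-Role."""
    value = role.encode("ascii")
    sub = bytes([BROCADE_AUTH_ROLE, 2 + len(value)]) + value
    body = struct.pack("!I", BROCADE_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def iter_tlvs(blob):
    """Yield (type, value) per type/length/value entry; reject bad lengths."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("bad attribute length")
        yield atype, blob[pos + 2:pos + alen]
        pos += alen


def role_from_accept(attrs):
    """Return the switch role carried in an accept's attribute list."""
    for atype, value in iter_tlvs(attrs):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != BROCADE_VENDOR_ID:
            continue            # another vendor's VSA never grants a role
        for stype, sval in iter_tlvs(value[4:]):
            if stype == BROCADE_AUTH_ROLE:
                return sval.decode("ascii")
    return DEFAULT_ROLE


# Constructed sample attribute lists (not captured traffic).
NO_ROLE = bytes([18, 4]) + b"ok"                    # Reply-Message only
WITH_ROLE = NO_ROLE + encode_role_vsa("SecurityAdmin")

if __name__ == "__main__":
    print(role_from_accept(WITH_ROLE))
    print(role_from_accept(NO_ROLE))
```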
Managing user accounts