Radius Authentication; Radius Authorization - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series configuration guide v02.8.00
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1436 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
RADIUS authentication
When RADIUS authentication takes place, the following events occur.
1. A user attempts to gain access to the BigIron RX by doing one of the following:
2. The user is prompted for a username and password.
3. The user enters a username and password.
4. The BigIron RX sends a RADIUS Access-Request packet containing the username and
5. The RADIUS server validates the BigIron RX using a shared secret (the RADIUS key).
6. The RADIUS server looks up the username in its database.
7.
8. If the password is valid, the RADIUS server sends an Access-Accept packet to the BigIron RX,
9. The user is authenticated, and the information supplied in the Access-Accept packet for the
RADIUS authorization
When RADIUS authorization takes place, the following events occur.
1. A user previously authenticated by a RADIUS server enters a command on the BigIron RX.
2. The BigIron RX looks at its configuration to see if the command is at a privilege level that
3. If the command belongs to a privilege level that requires authorization, the BigIron RX looks at
BigIron RX Series Configuration Guide
53-1002253-01
•
Logging into the device using Telnet, SSH, or the Web management interface
•
Entering the Privileged EXEC level or CONFIG level of the CLI
password to the RADIUS server.
If the username is found in the database, the RADIUS server validates the password.
authenticating the user. Within the Access-Accept packet are three Brocade vendor-specific
attributes that indicate:
•
The privilege level of the user
•
A list of commands
•
Whether the user is allowed or denied usage of the commands in the list
The last two attributes are used with RADIUS authorization, if configured.
user is stored on the BigIron RX. The user is granted the specified privilege level. If you
configure RADIUS authorization, the user is allowed or denied usage of the commands in the
list.
requires RADIUS command authorization.
the list of commands delivered to it in the RADIUS Access-Accept packet when the user was
authenticated. (Along with the command list, an attribute was sent that specifies whether the
user is permitted or denied usage of the commands in the list.)
NOTE
After RADIUS authentication takes place, the command list resides on the BigIron RX. The
RADIUS server is not consulted again once the user has been authenticated. This means that
any changes made to the user's command list on the RADIUS server are not reflected until the
next time the user is authenticated by the RADIUS server, and the new command list is sent to
the BigIron RX.
Configuring RADIUS security
4
99
Advertisement
Table of Contents
