Configuring Radius Security; Radius Authentication, Authorization, And Accounting - Dell PowerConnect B-RX Configuration Manual

4

Configuring RADIUS security

Configuring RADIUS security
You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the device:
•
•
•
•
NOTE
The BigIron RX does not support RADIUS security for SNMP (IronView Network Manager) access.

RADIUS authentication, authorization, and accounting

When RADIUS authentication is implemented, the BigIron RX consults a RADIUS server to verify
user names and passwords. You can optionally configure RADIUS authorization, in which the
BigIron RX consults a list of commands supplied by the RADIUS server to determine whether a user
can execute a command he or she has entered, as well as accounting, which causes the device to
log information on a RADIUS accounting server when specified events occur on the device.
NOTE
By default, a user logging into the device through Telnet or SSH first enters the User EXEC level. The
user can then enter the enable command to get to the Privileged EXEC level.
A user that is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to
RADIUS authentication
When RADIUS authentication takes place, the following events occur.
1. A user attempts to gain access to the BigIron RX by doing one of the following:
2. The user is prompted for a username and password.
3. The user enters a username and password.
4. The BigIron RX sends a RADIUS Access-Request packet containing the username and
5. The RADIUS server validates the BigIron RX using a shared secret (the RADIUS key).
6. The RADIUS server looks up the username in its database.
7.
8. If the password is valid, the RADIUS server sends an Access-Accept packet to the BigIron RX,
100
Telnet access
SSH access
Web management access
Access to the Privileged EXEC level and CONFIG levels of the CLI
"Entering privileged EXEC mode after a Telnet or SSH login"
•
Logging into the device using Telnet, SSH, or the Web management interface
•
Entering the Privileged EXEC level or CONFIG level of the CLI
password to the RADIUS server.
If the username is found in the database, the RADIUS server validates the password.
authenticating the user. Within the Access-Accept packet are three Brocade vendor-specific
attributes that indicate:
•
The privilege level of the user
on page 108.
BigIron RX Series Configuration Guide
53-1001986-01