Configuring Brocade-Specific Attributes On The Radius Server - Dell PowerConnect B-RX Configuration Manual

4
Configuring RADIUS security
Configuring
RADIUS server
NOTE
For the BigIron RX, RADIUS Challenge is supported for 802.1x authentication but not for login
authentication.
During the RADIUS authentication process, if a user supplies a valid username and password, the
RADIUS server sends an Access-Accept packet to the device, authenticating the user. Within the
Access-Accept packet are three Brocade vendor-specific attributes that indicate:
•
•
•
You must add these three Brocade vendor-specific attributes to your RADIUS server's configuration,
and configure the attributes in the individual or group profiles of the users that will access the
BigIron RX.
Brocade's Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Brocade
vendor-specific attributes.
TABLE 38
Attribute name
brocade-privilege-level
104
Brocade
-specific attributes on the
The privilege level of the user
A list of commands
Whether the user is allowed or denied usage of the commands in the list
Brocade vendor-specific attributes for RADIUS
Attribute ID Data type
1 integer
Description
Specifies the privilege level for the user. This
attribute can be set to one of the following:
0 Super User level – Allows complete
read-and-write access to the system. This is
generally for system administrators and is the
only management privilege level that allows
you to configure passwords.
4 Port Configuration level – Allows
read-and-write access for specific ports but
not for global (system-wide) parameters.
5 Read Only level – Allows access to the
Privileged EXEC mode and CONFIG mode of
the CLI but only with read access.
BigIron RX Series Configuration Guide
53-1001986-01