Authentication; Configuring A Radius Server - Brocade Communications Systems Brocade BladeSystem 4/24 User Manual
Supporting dcfm 10.4.x
Hide thumbs
Also See for Brocade BladeSystem 4/24:
- User manual (830 pages) ,
- Command reference manual (894 pages) ,
- Documentation update (271 pages)
Table of Contents
Advertisement
Authentication
The Authentication function enables you to configure an authentication server and establish
authentication policies. Authentication is configured to the local database by default. If you
configure primary authentication to a Radius server, an LDAP server, or switch authentication, you
can also configure secondary authentication to the local server. When you log in to the
Management application, if the primary server is unavailable, the Management application
attempts with the next configured primary server. If all primary servers are unavailable, then the
Management application falls back to the secondary authentication. Fall back only occurs for
server unavailability, not if there is an authentication failure for another reason (for example, invalid
credentials).
Configuring a Radius server
If you are using a Radius server for authentication, make the following preparations first:
•
•
•
•
•
•
•
DCFM Enterprise User Manual
53-1001775-01
Select an Authentication Type (you will be prompted to provide a type in the Add or Edit Radius
Server dialog box). The Authentication Type is the authentication policy you choose for handling
authentication. The options are PAP and CHAP.
-
PAP, password protected protocol, is based on password verification. Passwords are not
encrypted, and are not secure from eavesdroppers during transmission.
-
CHAP, challenge handshake protocol, uses a three-way handshake method of verification
based on a shared secret. If you are using CHAP, have the shared secret available to you.
You will need to type it in as a configuration parameter.
Know the Shared Secret.
Have the IP address of the server available.
Know the TCP port you are using. For Radius servers, ports 1812 or 1645 (actually UDP ports)
are commonly used. Check with the Radius server vendor if you are not sure which port to
specify.
Know how long you want to wait between attempts to reach the server if it is busy. This is
expressed as a timeout value (default is 3 seconds) in seconds. Values are between 1 and 15.
Determine how many attempts (default is 3 times) to make to reach the server before stopping
and assuming it is unreachable. Values are between 1 and 5.
If possible, establish an active connection with the Radius server before configuration. This
enables you to test the connection as part of the configuration procedure.
7
Authentication
159
Advertisement
Chapters
Table of Contents
Troubleshooting
