3–Managing Fabric Security
Device Security
59266-01 B 3-15
Using RADIUS Servers
Remote Authentication Dial In User Service (RADIUS) provides a method to
centralize the management of authentication passwords in larger networks. It has
a client/server model, where the server is the password repository and third-party
authentication point and the clients are all of the managed devices. You can
configure RADIUS for just the switch, or both the switch and the initiator device,
and user accounts. When using a RADIUS server, every switch in the fabric must
have a network connection. You can configure up to five RADIUS servers to
provide failover.
RADIUS authenticates users and devices using a challenge/response protocol.
Basic implementations consist of a central RADIUS server containing a database
of authorized users as well as authentication information. A RADIUS client
wishing to verify the authenticity of a user issues a challenge to the user and
collects the response to the challenge. This information is forwarded to the
RADIUS server for authentication and the server responds with the results, either
an accept or reject. The RADIUS client does not need to be configured with any
user authentication information. All of this information resides on the RADIUS
server and can be managed centrally and separately from the clients. In addition,
no passwords are exchanged between the RADIUS server and its clients.
Requests from a RADIUS client to the server and responses from
the server to a client can also be authenticated. This requires sharing a secret
between the server and client. RADIUS accounting supports the auditing of
users and switch services such as Telnet, FTP, and switch management
applications.
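The following is an added example, not part of the switch documentation: it shows how the shared secret lets a RADIUS client confirm that a reply came from its server, using the Response Authenticator calculation defined in RFC 2865. The secret, packet identifier, and attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RADIUS reply codes from RFC 2865


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code | ID | Length | RequestAuth | Attributes | Secret), RFC 2865 sec. 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply packet bound to the shared secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet, ident, request_auth, secret):
    """Client side: return the reply code if the packet is authentic, else None."""
    if len(packet) < 20:
        return None  # shorter than the fixed RADIUS header
    code, pkt_id, length = struct.unpack("!BBH", packet[:4])
    if pkt_id != ident or length < 20 or length > len(packet):
        return None  # reply does not match the outstanding request
    attrs = packet[20:length]
    expected = response_authenticator(code, pkt_id, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # wrong secret, or the packet was altered in transit
    return code


# Constructed sample values, not taken from the switch documentation.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))  # 16-byte Request Authenticator the client sent
REPLY_MSG = b"\x12\x09welcome"   # Reply-Message attribute (type 18, length 9)

if __name__ == "__main__":
    good = build_response(ACCESS_ACCEPT, 7, REPLY_MSG, REQUEST_AUTH, SECRET)
    print("authentic reply ->", verify_response(good, 7, REQUEST_AUTH, SECRET))
    forged = build_response(ACCESS_ACCEPT, 7, REPLY_MSG, REQUEST_AUTH, b"guess")
    print("wrong secret    ->", verify_response(forged, 7, REQUEST_AUTH, SECRET))
```

Because the code byte is part of the hashed data, a reject that is rewritten to an accept in transit fails the same check as a reply built with the wrong secret.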
Adding a RADIUS Server
When you add a RADIUS server, you provide a method to centralize the
management of authentication passwords over a network.
NOTE:
The RADIUS server dialog boxes are available only on a secure (SSL) fabric
and on the entry switch. For more information about SSL, see “Connection
Security” on page 3-1. For information about the SSL service, see
“Managing System Services” on page 5-24. You may need to configure a
security set for RADIUS device security to be used in authenticating other
switches. For information about configuring a security set, see “Creating a
Security Set” on page 3-8.