Occasional Visitor
Posts: 1
Registered: ‎08-17-2017

Radius read-only and enable port only

Hello All,

I'm using a Windows RADIUS server for switch login authentication. I'm allowing our helpdesk to have port config (which works fine); however, they can still disable the uplink ports, which is a risk we can't take. I've tried to configure the foundry-command-exception-flag to not allow them to execute the disable command. I've attached screenshots of the setup for this.

Brocade Moderator
Posts: 238
Registered: ‎06-30-2010

Re: Radius read-only and enable port only

Hi,

I have never actually used RADIUS for command authorization, but as far as I can tell you appear to have parameters configured correctly according to this: http://www.brocade.com/content/html/en/configuration-guide/NI_05800a_SECURITY/GUID-908FB57D-58F9-4804-90DD-40D5F10DD242.html

I have previously successfully used TACACS+ to implement command authorization, and I know that this works OK and should give you the behaviour that you would like.

You also do not mention which type of hardware you are attempting to implement this on?

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
