Fujitsu BX600 SB9 Integration into Radius and TACACS+, Configuration of Radius, Prepare the ACS

White Paper Issue: October 2006 Integration of BX600 SB9 Switches in Cisco Networks

4.4 Integration into Radius and TACACS+

4.4.1 Introduction

RADIUS and TACACS are protocols that can be used for authentication, authorization and accounting. Enterprises often use one of these protocols to authenticate administrative users of network components.

The SB9 supports RADIUS and TACACS+ for the authentication of users who want to access the switch using the web interface, Telnet or SSH.

It also supports these protocols for 802.1X, but since this protocol is rarely used in datacenter networks, this feature is not discussed here.

4.4.2 Recommended Solution

In most Cisco networks, a Cisco Secure ACS is used as the TACACS+ and RADIUS server. The protocol should be selected in compliance with company policy, so both configurations are described here.

4.4.3 Configuration of RADIUS

The following steps are necessary to integrate an SB9 into RADIUS authentication.

1. Prepare the ACS

2. Configure the SB9

3. Test the login

Step 1: Prepare the ACS

To prepare the ACS to be an authentication server for the SB9, log in to the web interface of the SB9 and perform the following configuration:

Add the device using the “Add Entry” button.
