Brocade Communications Systems 2.1 manual Security, Optional Unmount the USB storage device


Chapter 8, Security

switch# firmware download usb directory firmware\NOS_v2.1.1

5. Optional: Unmount the USB storage device.

switch# usb off

Trying to disable USB device. Please wait...

USB storage disabled.

Chapter 8, Security

Add the following section after “TACACS+ server parameters” on page 86. This update only applies to Network OS v2.1.1b or higher:

TACACS+ service in a mixed vendor environment

Network OS v2.1.x supports Terminal Access Controller Access-Control System Plus (TACACS+) Authentication, Authorization and Accounting (AAA) services in multi-vendor environments.

Network OS v2.1.x uses Role Based Access Control (RBAC) to authorize access to system objects by authenticated users. In AAA environments you may need to configure “authorization” across Brocade and non-Brocade platforms. You can use TACACS+ to provide centralized AAA services to multiple Network Access Servers (NAS) or clients.

Configuring optional arguments in tac_plus

In Network OS v2.1.1b, the Attribute-Value Pair (AVP) argument can be optional or mandatory, and is requested explicitly by the device running Network OS. In Network OS v2.1.1b, configure the argument as optional, as in the example below:

brcd-role*admin

To further enhance compatibility and interoperability with multiple TACACS+ services, the Network OS device sends the optional argument ‘brcd-role’ in the authorization request to the TACACS+ service. Most TACACS+ servers are coded so that if the NAS sends an argument (as mandatory or optional) in the authorization request, the service sends the same argument in the response. So when brcd-role is configured as an optional argument, it is sent in the authorization request. Network OS users are therefore able to authorize successfully with all TACACS+ services in a mixed vendor environment.

The open source TACACS+ server ‘tac_plus’ is hosted on http://www.shrubbery.net, and is based on the original Cisco version of TACACS+ server. In the example below, the mandatory attribute priv-lvl=15 is set to allow Cisco to authenticate. The optional brcd-role = admin argument allows VDX to authenticate with Network OS v2.1.1b.

NOTE

As tac_plus does not send optional arguments by default, optional arguments are only supported by Network OS v2.1.1b or higher.

To configure tac_plus with the optional attribute value pair for NOS, add these values to the tac_plus.conf file:

user = <username> {
    default service = permit
    service = exec {
        priv-lvl=15
        optional brcd-role = admin
    }
}
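The following is an added example, not code from the Brocade manual or from tac_plus: a small Python model of how a NAS treats mandatory ('=') and optional ('*') arguments in a TACACS+ authorization response, following RFC 8907, which shows why brcd-role is configured as optional in a mixed vendor environment. The response lists and the sets of attributes each NAS supports are constructed assumptions, not documented vendor behaviour.

```python
# Added example: models RFC 8907 argument handling; not Brocade or tac_plus code.

def parse_avp(arg):
    """Split a TACACS+ argument into (name, value, mandatory).

    'name=value' is mandatory and 'name*value' is optional; the first
    separator found decides, so values may themselves contain '=' or '*'.
    """
    for i, ch in enumerate(arg):
        if ch in "=*":
            return arg[:i], arg[i + 1:], ch == "="
    raise ValueError(f"no '=' or '*' separator in {arg!r}")


def nas_authorize(response_args, supported):
    """Return (authorized, applied_attributes) for one NAS.

    A mandatory argument the NAS does not support fails the authorization;
    an unsupported optional argument is ignored.
    """
    applied = {}
    for arg in response_args:
        name, value, mandatory = parse_avp(arg)
        if name in supported:
            applied[name] = value
        elif mandatory:
            return False, {}
    return True, applied


# Constructed response matching the tac_plus.conf entry above.
RESPONSE = ["priv-lvl=15", "brcd-role*admin"]
# Same attributes, but brcd-role wrongly configured as mandatory.
RESPONSE_MANDATORY_ROLE = ["priv-lvl=15", "brcd-role=admin"]

# Assumed attribute support, for illustration only.
NAS_WITHOUT_ROLE = {"priv-lvl"}
NAS_WITH_ROLE = {"priv-lvl", "brcd-role"}

if __name__ == "__main__":
    for label, args in (("optional", RESPONSE), ("mandatory", RESPONSE_MANDATORY_ROLE)):
        for nas in (NAS_WITHOUT_ROLE, NAS_WITH_ROLE):
            print(label, sorted(nas), nas_authorize(args, nas))
```

With brcd-role optional, both modelled devices authorize; with it mandatory, the device that does not support the attribute rejects the whole authorization.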


Network OS Documentation Update

 

53-1002606-06


2.1 specifications

Brocade Communications Systems, Inc. is a prominent player in the networking and data center industry, known for its innovative products and solutions that enhance data storage, network management, and cloud computing. The release of Brocade 2.1 brought significant enhancements aimed at improving data flow and network efficiency, specifically designed for evolving IT infrastructures.

One of the main features of Brocade 2.1 is its advanced Fibre Channel technology, which facilitates high-speed data transfer and reliable connectivity for storage area networks (SANs). This technology allows organizations to leverage faster data rates, ensuring minimal latency and optimal performance for mission-critical applications. The support for high-speed data protocols ensures that businesses can efficiently manage their growing data requirements and enhance overall productivity.

Another critical aspect of Brocade 2.1 is its integration with software-defined networking (SDN) and network functions virtualization (NFV). This innovative approach enables organizations to create flexible, scalable networks that can easily adjust to changing business needs. By decoupling the control plane from the data plane, Brocade’s technologies allow for centralized management and automation of network resources, leading to improved operational efficiency and reduced costs.

Brocade 2.1 also emphasizes enhanced security features, incorporating advanced encryption and authentication mechanisms to protect data in transit. This is essential for organizations handling sensitive data and looking to comply with regulations, such as GDPR or HIPAA. The built-in security measures provide peace of mind regarding data integrity and confidentiality.

In terms of management and monitoring, Brocade 2.1 includes robust tools that provide visibility into network performance. Analytics capabilities enable administrators to gather insights into network usage patterns, troubleshoot issues in real-time, and optimize resource allocation. This proactive approach to network management significantly reduces downtime and enhances overall user experience.

Additionally, Brocade’s commitment to interoperability means that 2.1 can easily integrate with existing infrastructure and third-party solutions, offering a seamless transition for organizations looking to upgrade their systems. This flexibility ensures that users can tailor their networking environments to their specific requirements without facing compatibility issues.

In summary, Brocade Communications Systems 2.1 stands out with its high-speed Fibre Channel technology, support for SDN and NFV, enhanced security features, and robust management tools. These characteristics make it an ideal solution for organizations aiming to optimize their IT infrastructure and stay ahead in a rapidly evolving digital landscape.