
Chapter 8, Security

switch# firmware download usb directory firmware\NOS_v2.1.1

5. Optional: Unmount the USB storage device.

switch# usb off

Trying to disable USB device. Please wait...

USB storage disabled.

Chapter 8, Security

Add the following section after “TACACS+ server parameters” on page 86. This update only applies to Network OS v2.1.1b or higher:

TACACS+ service in a mixed vendor environment

Network OS v2.1.x supports Terminal Access Controller Access-Control System Plus (TACACS+) Authentication, Authorization and Accounting (AAA) services in multi-vendor environments.

Network OS v2.1.x utilizes Role Based Access Control (RBAC) to authorize access to system objects by authenticated users. In AAA environments you may need to configure “authorization” across Brocade & non-Brocade platforms. You can use TACACS+ to provide centralized AAA services to multiple Network Access Servers (NAS) or clients.

Configuring optional arguments in tac_plus

In Network OS v2.1.1b, the Attribute-Value Pair (AVP) argument can be optional or mandatory, and is requested explicitly by the device running Network OS. In Network OS v2.1.1b, configure the argument as optional, as in the example below:

brcd-role*admin

To further enhance compatibility and interoperability with multiple TACACS+ services, the Network OS device sends the optional argument ‘brcd-role’ in the authorization request to the TACACS+ service. Most TACACS+ servers are coded so that if the NAS sends an argument (as mandatory or optional) in the authorization request, the service sends the same argument in the response. So when brcd-role is configured as an optional argument, it is sent in the authorization request and returned in the response. Network OS users are therefore able to successfully authorize with all TACACS+ services in a mixed vendor environment.

The open source TACACS+ server ‘tac_plus’ is hosted on http://www.shrubbery.net, and is based on the original Cisco version of TACACS+ server. In the example below, the mandatory attribute priv-lvl=15 is set to allow Cisco to authenticate. The optional brcd-role = admin argument allows VDX to authenticate with Network OS v2.1.1b.
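The difference between the mandatory and optional forms, as an added example that is not part of the Brocade documentation: a TACACS+ argument is mandatory when its separator is '=' and optional when it is '*', and a NAS fails the authorization when it receives a mandatory argument it does not understand but may ignore an optional one. The sets of attributes each NAS understands (including that Network OS accepts priv-lvl) and the two server replies are constructed assumptions.

```python
from typing import NamedTuple

class AVP(NamedTuple):
    name: str
    value: str
    mandatory: bool

def parse_avp(arg: str) -> AVP:
    """Split an argument at its first separator: '=' mandatory, '*' optional."""
    positions = [p for p in (arg.find("="), arg.find("*")) if p != -1]
    if not positions or min(positions) == 0:
        raise ValueError(f"malformed TACACS+ argument: {arg!r}")
    i = min(positions)
    return AVP(arg[:i], arg[i + 1:], arg[i] == "=")

def apply_reply(args, understood):
    """Return (authorized, applied) for a NAS that understands only `understood`.

    An unknown mandatory argument fails the authorization; an unknown
    optional argument is ignored.
    """
    applied = {}
    for avp in map(parse_avp, args):
        if avp.name in understood:
            applied[avp.name] = avp.value
        elif avp.mandatory:
            return False, {}
    return True, applied

# Assumed attribute support per NAS type (constructed for this example).
NOS_NAS = {"priv-lvl", "brcd-role"}
OTHER_NAS = {"priv-lvl"}

# Constructed server replies for the same user.
REPLY_OPTIONAL = ["priv-lvl=15", "brcd-role*admin"]
REPLY_MANDATORY = ["priv-lvl=15", "brcd-role=admin"]

if __name__ == "__main__":
    for label, reply in (("optional", REPLY_OPTIONAL), ("mandatory", REPLY_MANDATORY)):
        for nas, known in (("Network OS", NOS_NAS), ("other vendor", OTHER_NAS)):
            print(f"brcd-role {label:9} -> {nas:12}: {apply_reply(reply, known)}")
```

With brcd-role optional, both NAS types authorize and only the Network OS device applies the role; with brcd-role mandatory, the NAS that does not understand it rejects the session.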

NOTE

As tac_plus does not send optional arguments by default, optional arguments are only supported by Network OS v2.1.1b or higher.

To configure tac_plus with the optional attribute value pair for NOS, add these values to the tac_plus.conf file:

user = <username> {
    default service = permit
    service = exec {
        priv-lvl=15
        optional brcd-role = admin
    }
}
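A way to check an existing tac_plus.conf for this setting, as an added example (not Brocade's or the tac_plus project's code): it reports, per user or group, whether brcd-role in the service = exec block is declared optional, mandatory (no 'optional' keyword) or is missing. The function name, the simplified tokenizer and the sample file are constructed for illustration; quoted strings containing '#' or braces are not handled.

```python
import re

def audit_brcd_role(conf_text):
    """Classify brcd-role in each user/group `service = exec` block."""
    text = re.sub(r"#[^\n]*", "", conf_text)           # strip comments
    tokens = re.findall(r"[{}=]|[^\s{}=]+", text)      # braces, '=', words
    results, stack, pending = {}, [], None
    for i, tok in enumerate(tokens):
        if tok == "{":
            stack.append(pending)                      # label of the block being opened
            pending = None
        elif tok == "}":
            del stack[-1:]                             # tolerate an unbalanced '}'
        elif i >= 2 and tokens[i - 1] == "=":
            key = tokens[i - 2]
            before = tokens[i - 3] if i >= 3 else ""
            if key in ("user", "group") and not stack:
                pending = f"{key} {tok}"
                results[pending] = "missing"
            elif key == "service" and before != "default":
                pending = f"service {tok}"
            elif (key == "brcd-role" and len(stack) == 2
                  and stack[1] == "service exec" and stack[0] in results):
                results[stack[0]] = "optional" if before == "optional" else "mandatory"
    return results

# Constructed sample configuration (user names are placeholders).
SAMPLE_CONF = """
user = alice {
    default service = permit
    service = exec {
        priv-lvl = 15
        optional brcd-role = admin
    }
}
user = bob {
    service = exec {
        priv-lvl = 15
        brcd-role = admin
    }
}
user = carol {
    service = exec {
        priv-lvl = 1
    }
}
"""
```

Calling audit_brcd_role(SAMPLE_CONF) flags bob as "mandatory" and carol as "missing"; only alice matches the configuration this section recommends.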


Network OS Documentation Update

 

53-1002606-06


2.1 specifications

Brocade Communications Systems, Inc. is a prominent player in the networking and data center industry, known for its innovative products and solutions that enhance data storage, network management, and cloud computing. The release of Brocade 2.1 brought significant enhancements aimed at improving data flow and network efficiency, specifically designed for evolving IT infrastructures.

One of the main features of Brocade 2.1 is its advanced Fibre Channel technology, which facilitates high-speed data transfer and reliable connectivity for storage area networks (SANs). This technology allows organizations to leverage faster data rates, ensuring minimal latency and optimal performance for mission-critical applications. The support for high-speed data protocols ensures that businesses can efficiently manage their growing data requirements and enhance overall productivity.

Another critical aspect of Brocade 2.1 is its integration with software-defined networking (SDN) and network functions virtualization (NFV). This innovative approach enables organizations to create flexible, scalable networks that can easily adjust to changing business needs. By decoupling the control plane from the data plane, Brocade’s technologies allow for centralized management and automation of network resources, leading to improved operational efficiency and reduced costs.

Brocade 2.1 also emphasizes enhanced security features, incorporating advanced encryption and authentication mechanisms to protect data in transit. This is essential for organizations handling sensitive data and looking to comply with regulations, such as GDPR or HIPAA. The built-in security measures provide peace of mind regarding data integrity and confidentiality.

In terms of management and monitoring, Brocade 2.1 includes robust tools that provide visibility into network performance. Analytics capabilities enable administrators to gather insights into network usage patterns, troubleshoot issues in real-time, and optimize resource allocation. This proactive approach to network management significantly reduces downtime and enhances overall user experience.

Additionally, Brocade’s commitment to interoperability means that 2.1 can easily integrate with existing infrastructure and third-party solutions, offering a seamless transition for organizations looking to upgrade their systems. This flexibility ensures that users can tailor their networking environments to their specific requirements without facing compatibility issues.

In summary, Brocade Communications Systems 2.1 stands out with its high-speed Fibre Channel technology, support for SDN and NFV, enhanced security features, and robust management tools. These characteristics make it an ideal solution for organizations aiming to optimize their IT infrastructure and stay ahead in a rapidly evolving digital landscape.