Integration into Radius and TACACS+ | Fujitsu BX600 SB9 guide

White Paper ⏐ Issue: October 2006 ⏐ Integration of BX600 SB9 Switches in Cisco Networks

Page 39 / 47

4.4Integration into Radius and TACACS+

4.4.1 Introduction

Radius and TACACS are protocols that can be used for authentication, authorization and accounting. Enterprises often use one of these protocols to authenticate administrative users of network components.

The SB9 supports RADIUS and TACACS+ for the authentication of users which want to access the switch using the web interface, telnet or SSH.

It also supports these protocols for 802.1X, but since this protocol is rarely used in datacenter networks this feature is not discussed here.

4.4.2 Recommended Solution

In most Cisco networks a Cisco Secure ACS is used as TACACS+ and RADIUS server. The protocol should be selected in compliance with company policy, so both configurations are described here.

4.4.3 Configuration of RADIUS

The following steps are necessary to integrate an SB9 into RADIUS authentication.

∙1. Prepare the ACS

∙2. Configure the SB9

∙3. Test the login

Step 1: Prepare the ACS

To prepare the ACS to be an authentication server for the SB9, log in to the web interface of the SB9 and perform the following configuration:

Add the device using the button “Add Entry”

Image 39

Fujitsu BX600 SB9 manual Integration into Radius and TACACS+, Configuration of Radius, Prepare the ACS

Contents

Contents Introduction Switch Connectivity Basic Multicast ServicesSwitch Management Page Introduction Recommended Solution ConfigurationAuto Negotiation Port Aggregation Network problems Shut down the affected ports to avoid loops Set up the port-channel Verify the operation of the port-channels Bring up the affected ports VLANs and Trunks Vlan Trunk between SB9 and Cisco Switch Configure the port-channels Configure Vlan trunkDefine the VLANs Gvrp Verify the Vlan trunk Running ST P 802.1D with PVST+ on Vlan Trunks Spanning Tree Protocol Running PVST+ on Vlan Trunks while disabling STP at the SB9 SB9 Rapid Spanning Tree Combining RAPID-PVST and 802.1w Combining RAPID-PVST and 802.1w after failure of Po1 Network loops SB9 SwitchConfiguration with Vlan Trunks Configure the switchesPage Page STP Verify the configurationPage Configuration without Vlan Trunks Configuration example Rstp without Vlan trunksPage Mode Type State Role Enabled Forwarding Designated Disabled Enabled Disabled PC Mbr Manual forwarding Interface BX600 port mapping Access Port and NIC Configuration Configure the access ports of the switches Typical access port configuration Configure the Broadcom NIC Page Configure the Intel Adapter Page Select Switch Fault Tolerance and press Next Press Finish Link State Configure a Link State Group Enable Igmp snooping at all Layer 2 switches Recommended solutionConfiguration Enable multicast routing and Igmp at the layer 3 switch Vlan Page Configure the SB9 for logging and syslog Configuration of syslog and SntpConfigure the SB9 for unicast Sntp Configure the SB9 for broadcast Sntp Test the configuration Snmp Configuration of SnmpConfigure Snmp for SNMPv1 and SNMPv2c Configure SNMPv3 authentication Test the login Remote Console AccessConfiguration of SSH Configure the SB9 Configuration of Radius Integration into Radius and TACACS+Prepare the ACS Page Specify the user’s password and press Submit Test the login Configuration of Tacacs Page Configure the SB9 Configuration of CDP Check the configurationCisco Discovery Protocol Configuration of Port Monitoring Port MonitoringFurther information in the Internet