2 Managing fabrics

This section describes the following tasks that manage fabrics:

RADIUS servers, page 25

Securing a fabric, page 30

Tracking fabric firmware and software versions, page 38

Managing the fabric database, page 39

Displaying fabric information, page 42

Working with device information and nicknames, page 47

Zoning a fabric, page 50

RADIUS servers

Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of authentication passwords in larger networks. It has a client/server model, where the server is the password repository and third party authentication point and the clients are all of the managed devices. RADIUS can be configured for devices and/or user accounts. The RADIUS server dialogs are available only on a secure (SSL) fabric and on the entry switch (out of band switch). Refer to ”Connection security” on page 30 and ”System Services dialog” on page 80 for more information.

RADIUS is designed to authenticate users and devices using a challenge/response protocol. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject. The RADIUS client does not need to be configured with any user authentication information, this all resides on the RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client. The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and switch management applications. The RADIUS Accounting Server enables (True) or disables (False) the auditing of activity during a user session. The default is False. When enabled, user activity is audited whether UserAuthServer is enabled or not. The accounting server UDP port number is the ServerUDPPort value plus 1 (default 1813).

McDATA® 4Gb SAN Switch for HP p-Class BladeSystem user guide 25

Page 25
Image 25
HP AA-RW20A-TE manual Managing fabrics, Radius servers