HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.2 administrator guide (5697-0 - Page 91

a. For the Add RADIUS Client window, provide the following: • Client address (IP or DNS)-Enter the IP address of the switch. • Client-Vendor-Select RADIUS Standard. • Shared secret-Provide a password. Shared secret is a password used between the client device and server to prevent IP address spoofing by unwanted clients. Keep your shared secret password in a safe place. You will need to enter this password in the switch configuration. After clicking Finish, add a new client for all switches on which RADIUS authentication will be used. b. In the Internet Authentication Service window, right-click the Remote Access Policies folder; and then select New Remote Access Policy from the pop-up window. A remote access policy must be created for each B-Series login role (Root, Admin, Factory, SwitchAdmin, and User) for which you want to use RADIUS. Apply this policy to the user groups that you already created. c. In the Vendor-Specific Attribute Information window, enter the vendor code value 1588. Click the Yes. It conforms radio button and then click Configure Attribute. d. In the Configure VSA (RFC compliant) window, enter the following values and click OK. Vendor-assigned attribute number-Enter the value 1. Attribute format-Enter String. Attribute value-Enter the login role (Root, Admin, SwitchAdmin, User, etc.) the user group must use to log in to the switch. e. After returning to the Internet Authentication Service window, add additional policies for all B-Series login types for which you want to use the RADIUS server. After this is done, you can configure the switch. RSA RADIUS server Traditional password-based authentication methods are based on one-factor authentication, where you confirm your identity using a memorized password. Two-factor authentication increases the security by using a second factor to corroborate identification. The first factor is either a PIN or password and the second factor is the RSA SecureID token. RSA SecurID with an RSA RADIUS server is used for user authentication. The B-Series switch does not communicate directly with the RSA Authentication Manager, so the RSA RADIUS server is used in conjunction with the switch to facilitate communication. To learn more about how RSA SecurID works, visit www.rsa.com. Setting up the RSA RADIUS server For more information on how to install and configure the RSA Authentication Manager and the RSA RADIUS server, see your documentation or visit www.rsa.com. 1. Create user records in the RSA Authentication Manager. 2. Configure the RSA Authentication Manager by adding an agent host. 3. Configure the RSA RADIUS server. Setting up the RSA RADIUS server involves adding RADIUS clients, users, and vendor specific attributes to the RSA RADIUS server. a. Add the following data to the vendor.ini file: vendor-product = Brocade dictionary = Brocade ignore-ports = no port-number-usage = per-port-type help-id = 2000 b. Create a brocade.dct (see Figure 2) file that needs to be added into the dictiona.dcm file located in the following path: C:\Program Files\RSA Security\RSA RADIUS\Service Fabric OS 6.2 administrator guide 91