2–Planning
Security
2-26 59265-02 B
To secure F_Ports and E_Ports, and pass authorization and authentication to a
RADIUS server:
1. Configure the Radius_1 host as a RADIUS server on Switch_1 and
Switch_2 to authenticate device logins, as shown in the following table:
Specify the server IP address and the secret with which the switches will
authenticate with the server. Configure the switches so that devices
authenticate through the switches only if the RADIUS server is unavailable.
2. Create a security set (Security_Set_1) on Switch_1.
a. Create a port group (Group_Port_1) in Security_Set_1 with Switch_1
and Adapter_1 as members, as shown in the following:
Device Authentication
Order
RadiusLocal—Authenticate devices using the
RADIUS server security database first. If the RADIUS
server is unavailable, use the local switch security
database.
Total Servers 1—Enables support for one RADIUS server
Device Authentication
Server
True—Enables Radius_1 to authenticate device log-
ins.
Server IP Address 10.20.30.40
Secret 1234567890123456—16-character ASCI string (MD5
hash). This is the secret that allows direct communica-
tion with the RADIUS server.
Switch_1 Node WWN: 10:00:00:c0:dd:07:e3:4c
Authentication: CHAP
Primary Hash: MD5
Primary Secret: 0123456789abcdef
Adapter_1 Node WWN: 10:00:00:c0:dd:07:c3:4d
Authentication: CHAP
Primary Hash: MD5
Primary Secret: fedcba9876543210
