Table of Contents
Advertisement
2. ERS8600 Switch Configuration Example
For this configuration example, we will enable RADIUS user authentication on ERS8600-1 using the out-
of-band management port. We will configure the Identity Engines RADIUS server with the following three
users:
User name with read-only access: 8600ro
User name with read-write access: 8600rw
User name with read-write-all access: 8600rwa
For this example, we will break down the configuration into two parts. In part one, we will simply add AAA
services for the three users shown above. Part two is a continuation of part one with the addition of
showing how to restrict certain CLI commands. In part two, we will pick the read-write user and deny
access to QoS and filter configuration for this user.
2.1 Part 1: Basic AAA Configuation
2.1.1 ERS8600 Configuration
Assuming we are using the out-of-band management port.
2.1.1.1
Add out-of-band IP address
ERS8600-1 Step 1 – Add out-of-band IP address and route
ERS-8606:5# config bootconfig net mgmt ip 47.133.60.25/24
ERS-8606:5# config bootconfig net mgmt route add 47.0.0.0/8 47.133.60.1
2.1.1.2
Enable RADIUS
ERS8600-1 Step 1 – Add RADIUS server, enable RADIUS, and enable RADIUS accounting
ERS-8606:5# config radius server create 47.133.56.101 secret nortel priority 1
ERS-8606:5# config radius enable true
ERS-8606:5# config radius acct-enable true
ERS-8606:5# config radius acct-include-cli-commands true
Switch User Authentication using Identity Engines Ignition Server Technical Configuration Guide
[July 2010
avaya.com
8
Hide quick links:
Advertisement
Table of Contents
