Table 5: Enhanced Security Radius Attributes; Table 6: Radius Events Logged - Avaya VSP 4000 Technical Configuration Manual

If enhanced security is enabled, the following chart displays the outbound attribute values required by the
VSP switch for each access level for RADIUS vendor identifier 1584 (Bay Networks) attribute type 192.
Access Level
None-Access
Auditor
Security
Operator
Privilege
Admin
If you plan to use RADIUS with enhanced secure mode, please enable RADIUS after the

enhanced mode is enabled. If RADIUS is enabled prior to enabling the enhanced secure mode,
the RADIUS shared key must be re-entered; one must delete the shared key and re-enter it
again.
In addition, you can deny CLI commands for a user. This is done using RADIUS vendor identifier 1584
attribute types 194 and 195. Attribute type 194 needs to be set to a value of 0 while attribute 195 lists the
command you wish to deny to a user.
The following table displays the various event and logged information
Event
Accounting is turned on at
router
Accounting is turned off at
router
User logs in
More than 40 CLI commands
are executed
User logs off
March 2015

Table 5: Enhanced Security RADIUS Attributes

VSA Attribute 26 – Vendor Identifier 1584 Type 192 value

Table 6: RADIUS Events Logged

Accounting information logged at server
 Accounting on request:NAS
 IP address
 Accounting off request: NAS IP address.
 Accounting start request:NAS IP address
 Session Id
 User Name
 Accounting Interim request:NAS IP address
 Session Id
 CLI commands
 User Name
 Accounting Stop request:NAS IP Address
 Session Id
 Session duration
 User Name
 number of input octets for session
 number of octets output for session
 number of packets input for session
 number of packets output for session
 CLI commands
Avaya Inc. – External Distribution
0
1
2
3
N/A – Not allowed by RADIUS
6
avaya.com
25