If enhanced security is enabled, the following chart displays the outbound attribute values required by the
VSP switch for each access level for RADIUS vendor identifier 1584 (Bay Networks) attribute type 192.

Table 5: Enhanced Security RADIUS Attributes

| Access Level | VSA Attribute 26 – Vendor Identifier 1584 Type 192 value |
|---|---|
| None-Access | 0 |
| Auditor | 1 |
| Security | 2 |
| Operator | 3 |
| Privilege | N/A – Not allowed by RADIUS |
| Admin | 6 |

If you plan to use RADIUS with enhanced secure mode, enable RADIUS after enhanced secure mode is enabled. If RADIUS is enabled prior to enabling enhanced secure mode, the RADIUS shared key must be re-entered: delete the shared key and enter it again.

In addition, you can deny CLI commands for a user by using RADIUS vendor identifier 1584 attribute types 194 and 195. Set attribute type 194 to a value of 0, and list the command you wish to deny to the user in attribute type 195.

The following table displays the various events and the information logged for each.

Table 6: RADIUS Events Logged

| Event | Accounting information logged at server |
|---|---|
| Accounting is turned on at router | Accounting on request: NAS IP address |
| Accounting is turned off at router | Accounting off request: NAS IP address |
| User logs in | Accounting start request: NAS IP address, Session Id, User Name |
| More than 40 CLI commands are executed | Accounting Interim request: NAS IP address, Session Id, CLI commands, User Name |
| User logs off | Accounting Stop request: NAS IP Address, Session Id, Session duration, User Name, number of input octets for session, number of octets output for session, number of packets input for session, number of packets output for session, CLI commands |

Avaya Inc. – External Distribution
March 2015
avaya.com
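
The Table 5 values and the deny-command attributes above, carried in the RFC 2865 Vendor-Specific attribute layout, as an added example that is not Avaya's code. It assumes types 192 and 194 are 32-bit integers, type 195 is an ASCII string sent once per denied command, and the function names are hypothetical; the parser fails closed on any access level value outside Table 5.

```python
import struct

VENDOR_ID = 1584                  # Bay Networks vendor identifier (from the page)
VSA = 26                          # RADIUS Vendor-Specific attribute, RFC 2865
ACCESS_LEVEL, CMD_ACCESS, CMD_LIST = 192, 194, 195   # vendor types from the page
# Table 5 values. Privilege is absent: RADIUS is not allowed to assign it.
LEVELS = {"None-Access": 0, "Auditor": 1, "Security": 2, "Operator": 3, "Admin": 6}

def vsa(vendor_type, data):
    """Wrap one vendor sub-attribute in a Vendor-Specific attribute."""
    sub = bytes([vendor_type, len(data) + 2]) + data
    return bytes([VSA, len(sub) + 6]) + struct.pack("!I", VENDOR_ID) + sub

def build_reply(level, denied=()):
    """Attribute bytes for an Access-Accept granting `level`."""
    if level not in LEVELS:
        raise ValueError(f"{level!r} cannot be assigned through RADIUS")
    out = vsa(ACCESS_LEVEL, struct.pack("!I", LEVELS[level]))  # assumed 32-bit integer
    if denied:
        out += vsa(CMD_ACCESS, struct.pack("!I", 0))           # 0 = deny, per the page
        for cmd in denied:                                     # assumed: one 195 per command
            out += vsa(CMD_LIST, cmd.encode("ascii"))
    return out

def parse_reply(buf):
    """Return (level name, denied commands); raise on anything outside Table 5."""
    names = {v: k for k, v in LEVELS.items()}
    level, flag, cmds, i = None, None, [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("truncated attribute")
        atype, body = buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]
        if atype != VSA or len(body) < 6 or body[:4] != struct.pack("!I", VENDOR_ID):
            continue                                           # not a vendor 1584 VSA
        vtype, data = body[4], body[6:]
        if body[5] != len(data) + 2:
            raise ValueError("bad vendor attribute length")
        if vtype == ACCESS_LEVEL:
            value = struct.unpack("!I", data)[0]
            if value not in names:
                raise ValueError(f"access level {value} is not in Table 5")
            level = names[value]
        elif vtype == CMD_ACCESS:
            flag = struct.unpack("!I", data)[0]
        elif vtype == CMD_LIST:
            cmds.append(data.decode("ascii"))
    if level is None:
        raise ValueError("no access level attribute in reply")
    return level, (cmds if flag == 0 else [])
```

Running `parse_reply` over the attributes a RADIUS server is configured to return is a quick way to confirm that an account maps to the intended access level before the switch relies on it.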