Table of Contents
Advertisement
Overview of Security Methods
On the Radius Server, each user is configured with the following:
• name
• password
• access level
The access level can be set to one of the following levels for each user name:
• super-user
• read-write
• read-only
To support multiple access levels per user name, it involves sending back a different "FilterID"
attribute using some server feature to differentiate between the same user name with different
prefixes/suffixes. For example, "username@engineering" and "username@home" could each
return different access levels.
NOTE: This is a server-dependent feature.
Only one password is allowed per access level. This enables the Radius Server to track the users
accessing the switch host and how long they used the host application.
All radius values, except the server IPs and shared secrets, are assigned reasonable default values
when radius is installed on a new switch. The defaults are as follows:
• Client, disabled
• Timeout, 20 seconds
• Retry, 3
• Primary and secondary Authentication ports: 1812 (per RFC 2865)
• Primary and secondary Accounting ports: 1813 (per RFC 2866)
• Last-resort for local and remote is challenge
If only one server is configured, it must be the primary server. It is not necessary to reboot after the
client is reconfigured.
Accessing Local Management
3-11
Advertisement
Table of Contents
