Table of Contents
Advertisement
Overview of Security Methods
To support multiple access levels per user name, it involves sending back a different "FilterID"
attribute using some server feature to differentiate between the same user name with different
prefixes/suffixes. For example, "username@engineering" and "username@home" could each
return different access levels.
NOTE: This is a server-dependent feature.
Only one password is allowed per access level. This enables the Radius Server to track the users
accessing the switch host and how long they used the host application.
All radius values, except the server IPs and shared secrets, are assigned reasonable default values
when radius is installed on a new switch. The defaults are as follows:
• Client, disabled
• Timeout, 5 seconds
• Retry, 4
• Primary and secondary Authentication ports: 1812 (per RFC 2865)
• Last-resort for local and remote is challenge
If only one server is configured, it must be the primary server. It is not necessary to reboot after the
client is reconfigured.
The client cannot be enabled unless the primary server is configured with at least the minimum
configuration information.
NOTE: The minimum additional information that must be configured to use a server is
its IP and Shared Secret.
When the Radius Client is active on the switch, you are prompted by an authorization screen for a
user login name and password when attempting to access the host IP address via the local console
LM, Telnet to LM, or WebView application. The embedded Radius Client encrypts the
information entered by the user and sends it to the Radius Server for validation. Then the server
returns a yes or no response back to the client, allowing or denying the user to access the host
application with the proper access level.
9-6
Security Menu Screens
Advertisement
Table of Contents
