Extreme Networks ExtremeWare XOS Guide Manual page 326
Concepts guide
Hide thumbs
Also See for ExtremeWare XOS Guide:
- Command reference manual (2024 pages) ,
- Manual (496 pages) ,
- Manual (256 pages)
Table of Contents
Advertisement
Security
RADIUS RFC 2138 Attributes
The RADIUS RFC 2138 optional attributes supported are as follows:
User-Name
●
User-Password
●
Service-Type
●
Login-IP-Host
●
RADIUS RFC 3580 Attributes
The RFC 3580 attributes for Netlogin 802.1x supported are as follows:
EAP-Message
●
Message-Authenticator
●
State
●
Termination-Action
●
Session-Timeout
●
NAS-Port-Type
●
Calling-Station-ID
●
Using RADIUS Servers with Extreme Networks Switches
Extreme Networks switches have two levels of user privilege:
Read-only
●
Read-write
●
Because no command line interface (CLI) commands are available to modify the privilege level, access
rights are determined when you log in. For a RADIUS server to identify the administrative privileges of
a user, Extreme Networks switches expect a RADIUS server to transmit the Service-Type attribute in the
Access-Accept packet, after successfully authenticating the user.
Extreme Networks switches grant a RADIUS-authenticated user read-write privilege if a Service-Type
value of 6 is transmitted as part of the Access-Accept message from the RADIUS server. Other Service-
Type values or no value, result in the switch granting read-only access to the user. Different
implementations of RADIUS handle attribute transmission differently. You should consult the
documentation for your specific implementation of RADIUS when you configure users for read-write
access.
Extreme RADIUS
Extreme Networks provides its users, free of charge, a radius server based on Merit RADIUS. Extreme
RADIUS provides per-command authentication capabilities in addition to the standard set of radius
features. Source code for Extreme RADIUS can be obtained from the Extreme Networks Technical
Assistance Center and has been tested on Red Hat Linux.
When Extreme RADIUS is up and running, the two most commonly changed files will be users and
profiles. The users file contains entries specifying login names and the profiles used for per-command
authentication after they have logged in. Sending a HUP signal to the RADIUS process is sufficient to
get changes in the users file to take place. Extreme RADIUS uses the file named profiles to specify
326
ExtremeWare XOS 11.3 Concepts Guide
Advertisement
Chapters
Table of Contents
Troubleshooting
Related Manuals for Extreme Networks ExtremeWare XOS Guide
Related Products for Extreme Networks ExtremeWare XOS Guide
- Extreme Networks ExtremeWare Command
- Extreme Networks ExtremeWare Enterprise Manager
- Extreme Networks EPICenter Guide
- Extreme Networks ExtremeXOS ScreenPlay
- Extreme Networks ExtremeWireless AP460i
- Extreme Networks ExtremeWireless AP460e
- Extreme Networks ExtremeSwitching X440-G2-24p-10GE4
- Extreme Networks ExtremeSwitching X440-G2-24t-10GE4-DC
- Extreme Networks ExtremeSwitching X440-G2-24fx-GE4
- Extreme Networks ExtremeSwitching X450-G2-24p-GE4
- Extreme Networks ExtremeSwitching X450-G2-24p-10GE4
- Extreme Networks ExtremeSwitching X460-G2-24t-10GE4
- Extreme Networks ExtremeSwitching X460-G2-24p-GE4
- Extreme Networks ExtremeSwitching X620-16x
- Extreme Networks ExtremeSwitching X670-G2-48x-4q
- Extreme Networks ExtremeSwitching X620-8t-2x