Avaya P580 User Manual page 134

Chapter 4
CLI Command
4-26
Table 4-3. RADIUS Web Page Configuration Parameters
Parameter Definition
Group Enter the ASCII Group name.The Group name will be
included in the Access Request message sent to the
RADIUS server.
This implies that user accounts are configured with a Group
name on the RADIUS server and that the Vendor Specific
Attributes are set for the user accounts.
Retry Number Enter the number of times to re-send the Access Request
message if there is no response.
Retry Time Enter the time (in seconds) to wait before re-sending an
Access Request message.
UDP Port Enter the UDP port number. The default value is 1812.
Valid options are 1812 or 1645 only.
Switch-Service- If enabled, the switch will only honor Access Accept
Type Required messages that have the correct Group name included. This
setting prevents the switch from incorrectly allowing access
to users that may have a user account on the RADIUS
server but should not be allowed access to the switch.
This could occur if user "Bob" has a Standard RADIUS
user account with Administrator (or Read-Only) privileges.
When Bob logs in, the RADIUS server will authenticate
him and respond with an Access Accept message of
Administrator but will not include the VSAs and Group
name associated with the Avaya switch. This implies
anyone who has a Standard Account will be able to log into
the Avaya switch.
By enabling this setting and explicitly configuring user
accounts with the switch-specific attributes and Group
name, you will have tighter control over the security of the
Avaya switch.
To configure a RADIUS client using the CLI, use the following CLLI
command:
(configure)# set radius authentication <parameters>
User Guide for the Avaya P580 and P882 Multiservice Switches, v6.0
2 of 2