4. Password Protection using RADIUS
Authentication
Users who access the Avaya switch through Telnet, local console, rlogin, or SSHv2 (password
authentication), can be authenticated against a RADIUS server.
RADIUS supports both IPv4 and IPv6 with no differences in functionality or configuration in all but the
following case. When you add or update a RADIUS server in Enterprise Device Manager (EDM) you must
specify if the address type is an IPv4 or an IPv6 address.
The following table displays the various RADIUS features supported on the VSP switch.
Feature
Additional user names
User configurable
The following chart displays the outbound attribute values required by the VSP switch for each access
level for RADIUS vendor identifier 1584 (Bay Networks) attribute type 192.
Access Level
None-Access
Read-Only-Access
L1-Read-Write-Access
L2-Read-Write-Access
L3-Read-Write-Access
Read-Write-Access
Read-Write-All-Access
March 2015
Table 3: RADIUS Features
Description
You can use additional user names to access the device, in addition to
the six existing user names of ro, L1, L2, L3, rw, and rwa. The RADIUS
server authenticates the user name and assigns one of the existing
access priorities to that name. Unauthenticated user names are denied
access to the device. User names ro, L1, L2, L3, rw, and rwa must be
added to the RADIUS server if authentication is enabled. Users not
added to the server are denied access.
Up to 10 RADIUS servers in each device for fault tolerance (each
server is assigned a priority and is contacted in that order).
A secret key for each server to authenticate the RADIUS client
The server UDP port
Maximum retries allowed
Time-out period for each attempt
Table 4: RADIUS Attributes
VSA Attribute 26 – Vendor Identifier 1584 Type 192 value
Avaya Inc. – External Distribution
avaya.com
0
1
2
3
4
5
6
24