5. Telnet Password Protection using
RADIUS Authentication
Users who access the Avaya switch or stack through Telnet, serial, or SSHv2 (password
authentication), can be authenticated against a RADIUS server. The ERS 5000, ERS 4500, and
ERS 2500 each support two different user access levels which are read-only and read-write with
support for up to two RADIUS servers. RADIUS attribute type 6, Service-Type, is used to
determine the access level. The following displays the complete list of RADIUS attribute values
for the RADIUS Service-Type attribute where value 6 (Administrative) is used for read-write
access and value 7 (NAS Prompt) is used for read-only access
Sub-registry: Values for RADIUS Attribute 6, Service-Type
Reference: [RFC2865][RFC3575]
Registration Procedures: IETF Consensus
Registry:
Value
Description
-----
-------------------------------
1
Login
2
Framed
3
Callback Login
4
Callback Framed
5
Outbound
6
Administrative
7
NAS Prompt
8
Authenticate Only
9
Callback NAS Prompt
10
Call Check
11
Callback Administrative
12
Voice
13
Fax
14
Modem Relay
15
IAPP-Register
16
IAPP-AP-Check
17
Authorize Only
18
Framed-Management
To add a RADIUS server, enter the following command to view the various configurable options:
ERS-Stackable
host
key
password
port
secondary-host
timeout
(config)# radius-server ?
RADIUS primary host
RADIUS shared secret
RADIUS password fallback
RADIUS UDP port
RADIUS secondary host
RADIUS time-out period
Avaya Inc. – External Distribution
Reference
---------
[Chiba]
[Chiba]
[Chiba]
[IEEE 802.11f][Kerry]
[IEEE 802.11f][Kerry]
[RFC3576]
[RFC5607]
avaya.com
16