Table of Contents
Advertisement
2.5.4 ERS 1600, 8300 and 8600 – Read-Only User
For this example, we will connect to the switch using telnet via a read-only (ro) user.
Telnet to Switch with read-only user (ro) type some commands
8600A:6> show date
local time:
THU FEB 21 18:08:44 2008 METDST
hardware time: THU FEB 21 17:08:44 2008 UTC
8600A:6> config ?
Sub-Context: cli log
Current Context:
Info
8600A:6> exit
Read-only user in this example does not have access to switch configuration.
Log file on RADIUS server - /var/log/radius/radius.log
Thu Feb 21 18:08:07 2008 : Auth: Login OK: [ro] (from client 8600 port 1)
Log file on RADIUS server - /var/log/radius/radacct/10.10.50.1/auth-detail-20080221
Optional file, need to configure /etc/raddb/radiusd.conf
Thu Feb 21 18:08:07 2008
User-Name = "ro"
NAS-IP-Address = 10.10.50.1
NAS-Port = 1
Client-IP-Address = 10.10.50.1
Timestamp = 1203613687
Please note that the client-IP-Address is equal to NAS-IP-Address which is not correct. The
client-IP-Address is the station where telnet has been issued, which is 10.10.50.10. The reason
is the switch does not provide a Client-IP-address field (see sniffer trace). Application artificially
copy field.
Log file on RADIUS server - /var/log/radius/radacct/10.10.50.1/detail-20080221
Thu Feb 21 18:08:07 2008
Acct-Status-Type = Start
NAS-IP-Address = 10.10.50.1
Acct-Session-Id = "1ef400000012"
User-Name = "ro"
Client-IP-Address = 10.10.50.1
Acct-Unique-Session-Id = "fae1055b429ca034"
Timestamp = 1203613687
Authentication, Authorization and Accounting (AAA) for ERS and ES
November 2010
Technical Configuration Guide
avaya.com
22
Advertisement
Table of Contents
