Table of Contents
Advertisement
Acct-Session-Id = "e3000000"
NAS-Port = 237
User-Name = "eap"
Acct-Status-Type = Stop
Acct-Input-Octets = 9288
Acct-Output-Octets = 5800
Acct-Session-Time = 62
Acct-Terminate-Cause = Lost-Carrier
Client-IP-Address = 10.10.50.1
Acct-Unique-Session-Id = "6f5b9475a3d11c7b"
Timestamp = 1203615901
802.1x (EAP) user has accounting start & stop records in accounting log file
Log file on RADIUS client
8600A:6# show log file
CPU6 [02/21/08 18:43:53] EAP INFO Port 3/46 connecting
CPU6 [02/21/08 18:43:58] EAP INFO Port 3/46 authenticating
CPU6 [02/21/08 18:43:58] EAP INFO Bkend state of Port 3/46 - Recd Respose
from supplicant
CPU6 [02/21/08 18:43:59] EAP INFO Bkend state of Port 3/46 - Recd EAP request
from Server
CPU6 [02/21/08 18:43:59] EAP INFO Bkend state of Port 3/46 - Recd Respose
from supplicant
CPU6 [02/21/08 18:43:59] EAP INFO Bkend state of Port 3/46 - Recd accept from
server
CPU6 [02/21/08 18:43:59] EAP INFO User eap on Port 3/46 is authenticated
2.5.7 ERS 8600, 8300 and 1600 – RADIUS User Access Profile
For this example, we will connect to the switch using telnet via a read-write (rw) user. This user has a
special profile, it is based on read-write access level but some commands have been disabled (―config ip‖
and ―test‖).
You must configure the following three returnable attributes for each user on RADIUS server in
/etc/raddb/users
Access priority (single instance) - the access levels currently available on ERS 8600: ro, l1, l2, l3,
rw, rwa.
Command access (single instance) - indicates whether the CLI commands configured on the
RADIUS server are allowed or disallowed for the user.
CLI commands (multiple instances) - the list of commands that the user can/cannot use. The user
cannot include allow and deny commands in the list of multiple commands; the commands must
be either all allow or all deny.
Authentication, Authorization and Accounting (AAA) for ERS and ES
November 2010
Technical Configuration Guide
avaya.com
27
Advertisement
Table of Contents
