RADIUS Attributes for Lenovo ENOS User Privileges
© Copyright Lenovo 2018
When a user logs in, the switch authenticates the user's level of access by sending
a RADIUS access request (the client authentication request) to the
RADIUS authentication server.
If the remote user is successfully authenticated by the authentication server, the
switch will verify the privileges of the remote user and authorize the appropriate
access. The administrator has two options: to allow local access via Telnet, SSH,
HTTP, or HTTPS; to allow secure local access via console, Telnet, SSH, or BBI. Secure
local access provides access to the switch when the RADIUS servers cannot be
reached.
The default NE2552E setting for local access and secure local access is disabled.
Local access is always enabled on the console port.
Whether local access is enabled or not, you can always access the switch via the
console port by using noradius as the RADIUS username. You can then enter the
username and password configured on the switch. If you are trying to connect via
SSH/Telnet/HTTP/HTTPS, there are two possibilities:
- Local access is enabled: The switch acts as if you were connecting via the console.
- Secure local access is enabled: You must enter the username noradius. The
  switch checks whether the RADIUS server is reachable. If it is reachable, you must
  authenticate via the remote authentication server. Only if the RADIUS server is not
  reachable are you prompted for a local username and password, which are
  authenticated against the local credentials.
All user privileges, other than those assigned to the Administrator, have to be
defined in the RADIUS dictionary. RADIUS attribute 6, which is built into all
RADIUS servers, defines the administrator. The file name of the dictionary is
RADIUS vendor-dependent. The following RADIUS attributes are defined for
Lenovo ENOS user privilege levels:
Table 8. Lenovo ENOS-proprietary Attributes for RADIUS

User Name/Access         User-Service-Type   Value
User                     Vendor-supplied     255
Operator                 Vendor-supplied     252
Administrator (USERID)   Vendor-supplied     6
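
The values in Table 8 can be checked against what a RADIUS server actually returns. The following is an added example, not Lenovo's code: it parses a RADIUS Access-Accept using the RFC 2865 packet layout and maps attribute 6 to the ENOS privilege level. It assumes the Table 8 values are carried in attribute 6 (Service-Type); treating missing, conflicting, or unlisted values as no privilege is the example's own policy, not documented switch behaviour, and `build_accept` produces constructed sample packets.

```python
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code for Access-Accept (RFC 2865)
SERVICE_TYPE = 6    # RADIUS attribute 6
# Values from Table 8 on this page
ENOS_LEVELS = {255: "user", 252: "operator", 6: "administrator"}


def parse_attributes(packet: bytes):
    """Yield (type, value) pairs from a RADIUS packet, validating lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # attributes start after code, id, length, 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len


def enos_privilege(packet: bytes):
    """Return the Table 8 level carried by an Access-Accept, or None."""
    if not packet or packet[0] != ACCESS_ACCEPT:
        return None
    levels = set()
    for a_type, value in parse_attributes(packet):
        if a_type == SERVICE_TYPE:
            if len(value) != 4:          # Service-Type is a 32-bit integer
                return None
            levels.add(ENOS_LEVELS.get(struct.unpack("!I", value)[0]))
    # Example policy: exactly one recognised level, otherwise no privilege
    if len(levels) != 1 or None in levels:
        return None
    return levels.pop()


def build_accept(*service_types: int) -> bytes:
    """Constructed sample Access-Accept (zeroed authenticator, not verified)."""
    attrs = b"".join(struct.pack("!BBI", SERVICE_TYPE, 6, v) for v in service_types)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + b"\x00" * 16 + attrs
```

The checker does not validate the Response Authenticator, so it is suited to reviewing captured or test responses rather than deciding trust in a live exchange.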
Chapter 5: Authentication & Authorization Protocols