Radius Authentication Features In Enterprise Nos; Switch User Accounts - Lenovo RackSwitch G8264 Application Manual

RADIUS Authentication Features in Enterprise NOS

Switch User Accounts

108
G8264 Application Guide for ENOS 8.4
ENOS supports the following RADIUS authentication features:
 Supports RADIUS client on the switch, based on the protocol definitions in RFC
2138 and RFC 2866.
 Allows RADIUS secret password up to 32 bytes and less than 16 octets.
Supports secondary authentication server so that when the primary authentication

server is unreachable, the switch can send client authentication requests to the
secondary authentication server. Use the following command to show the
currently active RADIUS authentication server:
RS G8264# show radius­server
 Supports user‐configurable RADIUS server retry and time‐out values:
Time‐out value = 1‐10 seconds

Retries = 1‐3

The switch will time out if it does not receive a response from the RADIUS
server in 1‐3 retries. The switch will also automatically retry connecting to the
RADIUS server before it declares the server down.
Supports user‐configurable RADIUS application port. The default is

1812/UDP‐based on RFC 2138. Port 1645 is also supported.
 Allows network administrator to define privileges for one or more specific users
to access the switch at the RADIUS user database.
The user accounts listed in Table
file.
Table 6.
User Access Levels
User Account Description and Tasks Performed
User The User has no direct responsibility for switch
management. They can view all switch status
information and statistics but cannot make any
configuration changes to the switch.
Operator The Operator manages all functions of the switch.
The Operator can reset ports, except the
management port.
Administrator The super‐user Administrator has complete access
to all commands, information, and configuration
commands on the switch, including the ability to
change both the user and administrator passwords.
6 can be defined in the RADIUS server dictionary
Password
user
oper
admin