Table of Contents
Advertisement
Alteon Application Switch Operating System Application Guide
Securing Alteon
Backdoor Access
When both the primary and secondary authentication servers are not reachable, the administrator
has the option to allow backdoor access on a per user basis. This access is disabled by default and
must be activated for each individual user the administrator wishes to grant it to.
Note:
If a user cannot establish a connection to the RADIUS server, failover to the local backdoor
users are not permitted. This is done to avoid a DoS attack on RADIUS or Alteon allowing access.
Examples
A
The following command enables backdoor access for user 9:
>> Main# /cfg/sys/access/user/uid 9/backdoor e
B
The following command disables access for user 9:
>> Main# /cfg/sys/access/user/uid 9/backdoor d
Defining User Privileges in the RADIUS Dictionary
All user privileges, other than those assigned to the administrator, have to be defined in the RADIUS
dictionary. RADIUS attribute 6, which is built into all RADIUS servers, defines the administrator. The
filename of the dictionary is RADIUS vendor-dependent.
The following RADIUS attributes are defined for Alteon user privileges levels:
Username/Access
l1oper
l2oper
l3oper
l3admin
user
slboper
l4oper
oper
slbadmin
l4admin
crtadmin
slbadmin + crtmng
l4admin + crtmng
slbview
admin
66
Table 4: Alteon-Proprietary Attributes for RADIUS
User Service Type
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Vendor-supplied
Value
259
258
257
256
255
254
253
252
251
250
249
248
247
246
6 (pre-defined)
Document ID: RDWR-ALOS-V2900_AG1302
- Quick Links:
- Part 1-Basic Features
Hide quick links:
Advertisement
Table of Contents
