RADIUS Attributes for Enterprise NOS User Privileges
© Copyright Lenovo 2017
When a user logs in, the switch authenticates the user's level of access by sending
a RADIUS access request (the client authentication request) to the
RADIUS authentication server.
If the remote user is successfully authenticated by the authentication server, the
switch verifies the privileges of the remote user and authorizes the appropriate
access. The administrator has two options: allow backdoor access via Telnet, SSH,
HTTP, or HTTPS, or allow secure backdoor access via Telnet, SSH, or BBI. Backdoor
and secure backdoor provide access to the switch when the RADIUS servers
cannot be reached.
The default G8264CS setting for backdoor and secure backdoor access is
disabled. Backdoor and secure backdoor access is always enabled on the console
port.
Regardless of whether backdoor or secure backdoor is enabled, you can always
access the switch via the console port by using noradius as the RADIUS username. You
can then enter the username and password configured on the switch. If you are
trying to connect via SSH/Telnet/HTTP/HTTPS (not the console port), there are two
possibilities:
Backdoor is enabled: The switch behaves as if you were connecting via the console.
Secure backdoor is enabled: You must enter the username noradius. The switch
checks whether the RADIUS server is reachable. If it is reachable, you must
authenticate via the remote authentication server. Only if the RADIUS server is not
reachable are you prompted for a local username and password, which are
authenticated against the local credentials.
All user privileges, other than those assigned to the Administrator, have to be
defined in the RADIUS dictionary. RADIUS attribute 6, which is built into all
RADIUS servers, defines the administrator. The file name of the dictionary is
RADIUS vendor-dependent. The following RADIUS attributes are defined for
G8264CS user privilege levels:
Table 7. Enterprise NOS-proprietary Attributes for RADIUS

User Name/Access    User-Service-Type    Value
User                Vendor-supplied      255
Operator            Vendor-supplied      252
Admin               Vendor-supplied      6

Chapter 5: Authentication & Authorization Protocols
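Added example, not from the Lenovo guide: a Python check that parses a RADIUS Access-Accept and reports which Table 7 privilege level it carries, which is useful when auditing what a server returns for each account. It assumes the Table 7 values travel as the 4-byte integer of attribute 6 (Service-Type); the function names and sample packets are constructed for illustration.

```python
import struct

SERVICE_TYPE = 6     # RADIUS attribute type 6 (Service-Type, RFC 2865)
ACCESS_ACCEPT = 2    # RADIUS packet code for Access-Accept
# Table 7 values; assumed to be carried as the Service-Type integer.
PRIVILEGE = {255: "User", 252: "Operator", 6: "Admin"}


def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) after validating every length field."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with packet size")
    attrs, pos = [], 20  # skip code, id, length and 16-byte authenticator
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("truncated or out-of-bounds attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def granted_privilege(packet: bytes) -> str:
    """Name the Table 7 level an Access-Accept carries (authenticator not verified)."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return "not an Access-Accept"
    values = [v for t, v in attrs if t == SERVICE_TYPE]
    if not values:
        return "no Service-Type attribute"
    if len(values[0]) != 4:
        raise ValueError("Service-Type must be a 4-byte integer")
    number = struct.unpack("!I", values[0])[0]
    return PRIVILEGE.get(number, f"unlisted value {number}")


def build_packet(code: int, attrs) -> bytes:
    """Build a constructed sample packet with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


if __name__ == "__main__":
    for value in (255, 252, 6, 7):  # constructed sample values
        sample = build_packet(ACCESS_ACCEPT, [(SERVICE_TYPE, struct.pack("!I", value))])
        print(value, "->", granted_privilege(sample))
```

The check reads the packet only; it does not verify the Response Authenticator, so run it on traffic captured from a trusted path.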