Configuring Ssr Access Security; Configuring Radius - Cabletron Systems SmartSwitch Router User's Reference Manual

Chapter 18: Security Configuration Guide

Configuring SSR Access Security

This section describes the following methods of controlling access to the SSR:
• RADIUS
• TACACS
• TACACS Plus
• Passwords

Configuring RADIUS

You can secure login or Enable mode access to the SSR by enabling a Remote
Authentication Dial-In Service (RADIUS) client. A RADIUS server responds to the SSR
RADIUS client to provide authentication.
You can configure up to five RADIUS server targets on the SSR. A timeout is set to tell the
SSR how long to wait for a response from RADIUS servers.
To configure RADIUS security, enter the following commands in Configure mode:
Specify a RADIUS server.
Set the RADIUS time to wait for a
RADIUS server reply.
Determine the SSR action if no
server responds.
Enable RADIUS.
Cause RADIUS authentication at
user login or when user tries to
access Enable mode.
Logs specified types of command
to RADIUS server.
Logs to RADIUS server when
shell is stopped or started on SSR.
Logs to RADIUS server SNMP
changes to startup or active
configuration.
Logs specified type(s) of
messages to RADIUS server.
272
radius set server <hostname or IP-addr>
radius set timeout
radius set last-resort password|succeed
radius enable
radius authentication login|enable
radius accounting command level <
radius accounting shell start|stop|all
radius accounting snmp active|startup
radius accounting system
fatal|error|warning|info
SmartSwitch Router User Reference Manual
<number>
level
>