Extreme Networks Summit 300-48 Software User's Manual page 47

Extreme summit 300-48: software user guide

Hide thumbs Also See for Summit 300-48:

Software user's manual (198 pages)

Hardware installation manual (394 pages)

Hardware installation manual (112 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

Table of Contents

#homeless

#xyz.merit.edu

#anyoldthing:1234

10.202.1.3

10.203.1.41

10.203.1.42

10.0.52.14

users

user

Password = ""

Filter-Id = "unlim"

admin

Password = "", Service-Type = Administrative

Filter-Id = "unlim"

eric

Password = "", Service-Type = Administrative

Filter-Id = "unlim"

albert

Filter-Id = "unlim"

samuel

Password = "password", Service-Type = Administrative

Filter-Id = "unlim"

RADIUS Per-Command Configuration Example

Building on this example configuration, you can use RADIUS to perform per-command authentication

to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is

available from the Extreme Networks web server at

http://www.extremenetworks.com/extreme/support/otherapps.htm or by contacting Extreme

Networks technical support. The software is available in compiled format for Solaris

operating systems, as well as in source code format. For all clients that use RADIUS per-command

authentication, you must add the following type to the client file:

type:extreme:nas + RAD_RFC + ACCT_RFC

Within the

users

Extreme-CLI-Authorization

function and indicate a profile name for that user. If authorization is enabled without specifying a valid

profile, the user is unable to perform any commands.

Next, define the desired profiles in an ASCII configuration file called

named profiles of exact or partial strings of CLI commands. A named profile is linked with a user

through the

A profile with the

CLI commands can be defined easily in a hierarchal manner by using an asterisk (*) to indicate any

possible subsequent entry. The parser performs exact string matches on other text to validate

commands. Commands are separated by a comma (,) or newline.

Looking at the following example content in profiles for the profile named

keyword, the following attributes are associated with the user of this profile:

deny

• Cannot use any command starting with

• Cannot issue the

Summit 300-48 Switch Software User Guide

testing

moretesting

whoknows?

andrew-linux

eric

samf

Password = "password", Service-Type = Administrative

configuration file, additional keywords are available for

. To use per-command authentication, enable the CLI authorization

file. A profile with the

users

keyword allows use of all commands except the listed commands.

deny

disable ipforwarding

type proxy

type=Ascend:NAS v1

type=NAS+RAD_RFC+ACCT_RFC

type=nas

keywords allows use of only the listed commands.

permit on

enable

command.

Authenticating Users

™

or Linux

and

Profile-Name

. This file contains

profiles

, which uses the

PROFILE1

™

Table of Contents

Extreme Networks Summit 300-48 Software User's Manual page 47

Related Manuals for Extreme Networks Summit 300-48

Related Products for Extreme Networks Summit 300-48

Table of Contents