Security
RADIUS RFC 2138 Attributes
The RADIUS RFC 2138 optional attributes supported are as follows:
● User-Name
● User-Password
● Service-Type
● Login-IP-Host
RADIUS RFC 3580 Attributes
The RFC 3580 attributes for Netlogin 802.1x supported are as follows:
● EAP-Message
● Message-Authenticator
● State
● Termination-Action
● Session-Timeout
● NAS-Port-Type
● Calling-Station-ID
Using RADIUS Servers with Extreme Networks Switches
Extreme Networks switches have two levels of user privilege:
● Read-only
● Read-write
Because no command line interface (CLI) commands are available to modify the privilege level, access
rights are determined when you log in. For a RADIUS server to identify the administrative privileges of
a user, Extreme Networks switches expect a RADIUS server to transmit the Service-Type attribute in the
Access-Accept packet, after successfully authenticating the user.
Extreme Networks switches grant a RADIUS-authenticated user read-write privilege if a Service-Type
value of 6 is transmitted as part of the Access-Accept message from the RADIUS server. Any other
Service-Type value, or no value at all, results in the switch granting read-only access to the user.
Different implementations of RADIUS handle attribute transmission differently. You should consult the
documentation for your specific implementation of RADIUS when you configure users for read-write
access.
Cistron RADIUS
Cistron RADIUS is a popular server, distributed under GPL. Cistron RADIUS can be found at:
http://www.miquels.cistron.nl/radius/
When you configure the Cistron server for use with Extreme switches, you must pay close attention to
the users file setup. The Cistron RADIUS dictionary associates the word Administrative-User with
Service-Type value 6, and expects the Service-Type entry to appear alone on one line with a leading tab
character.
ExtremeWare XOS 11.1 Concepts Guide