Extreme Networks ExtremeWare XOS Guide Manual page 246

Concepts guide

Security
get changes in the users file to take place. Extreme RADIUS uses the file named profiles to specify
command lists that are either permitted or denied to a user based on their login identity. Changes to the
profiles file require the RADIUS server to be shut down and restarted. Sending a HUP signal to the
RADIUS process is not enough to force changes to the profiles file to take effect.
When you create command profiles, you can use an asterisk to indicate any possible ending to any
particular command. The asterisk cannot be used as the beginning of a command. Reserved words for
commands are matched exactly to those in the profiles file. Due to the exact match, it is not enough to
simply enter "sh" for "show" in the profiles file; the complete word must be used. Commands can still
be entered in the switch in partial format.
When you use per-command authentication, you must ensure that communication between the
switch(es) and RADIUS server(s) is not lost. If the RADIUS server crashes while users are logged in, they
will have full administrative access to the switch until they log out. Using two RADIUS servers and
enabling idle timeouts on all switches will greatly reduce the chance of a user gaining elevated access
due to RADIUS server problems.
RADIUS Server Configuration Example (Merit)
Many implementations of RADIUS server use the publicly available Merit© AAA server application. To
get a copy, search for the server on the web site at:
www.merit.edu
Included below are excerpts from relevant portions of a sample Merit RADIUS server implementation.
The example shows excerpts from the client and user configuration files. The client configuration file
(ClientCfg.txt) defines the authorized source machine, source name, and access level. The user
configuration file (users) defines username, password, and service type information.

ClientCfg.txt
#Client Name         Key                [type]                      [version]   [prefix]
#----------------    ---------------    --------------              ---------   --------
#10.1.2.3:256        test               type = nas                  v2          pfx
#pm1                 %^$%#*(&!(*&)+     type=nas                                pm1.
#pm2                 :-):-(;^):-}!      type nas                                pm2.
#merit.edu/homeless hmoemreilte.ses
#homeless            testing            type proxy                  v1
#xyz.merit.edu       moretesting        type=Ascend:NAS v1
#anyoldthing:1234    whoknows?          type=NAS+RAD_RFC+ACCT_RFC
10.202.1.3           andrew-linux       type=nas
10.203.1.41          eric               type=nas
10.203.1.42          eric               type=nas
10.0.52.14           samf               type=nas

users
user      Password = ""
          Filter-Id = "unlim"
admin     Password = "", Service-Type = Administrative
          Filter-Id = "unlim"
eric      Password = "", Service-Type = Administrative
          Filter-Id = "unlim"
albert    Password = "password", Service-Type = Administrative

ExtremeWare XOS 11.1 Concepts Guide
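A users file in the format excerpted above can be checked for weak credentials before it is deployed. The following is an added example, not part of the manual or of the Merit distribution: the function names, the WEAK list, the severity labels, and the decision to report an empty Password value as a finding are all assumptions of this example, and the sample text is constructed from the excerpt.

```python
import re

# Constructed sample, modelled on the users excerpt in this section.
SAMPLE_USERS = '''\
user      Password = ""
          Filter-Id = "unlim"
admin     Password = "", Service-Type = Administrative
          Filter-Id = "unlim"
eric      Password = "", Service-Type = Administrative
          Filter-Id = "unlim"
albert    Password = "password", Service-Type = Administrative
'''

# One "Name = value" item; the value is either quoted or a bare word.
ATTR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*("[^"]*"|[^,\s]+)')
# Assumption: a short illustrative list, not a real password dictionary.
WEAK = {"password", "admin", "test", "changeme"}

def parse_users(text):
    """Return {username: {attribute: value}}; indented lines continue an entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace():
            rest = raw  # continuation of the current entry
        else:
            parts = raw.split(None, 1)  # column 0 starts a new entry
            current = entries.setdefault(parts[0], {})
            rest = parts[1] if len(parts) > 1 else ""
        if current is not None:
            for key, val in ATTR.findall(rest):
                current[key] = val.strip('"')
    return entries

def audit(entries):
    """Return (user, severity, issue); administrative accounts rate 'high'."""
    findings = []
    for name, attrs in entries.items():
        pw = attrs.get("Password")
        if pw is None:
            continue
        admin = attrs.get("Service-Type", "").lower() == "administrative"
        if pw == "":
            issue = "empty password"
        elif pw.lower() in WEAK or pw.lower() == name.lower():
            issue = "guessable password"
        else:
            continue
        findings.append((name, "high" if admin else "medium", issue))
    return findings
```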
