Extreme Networks ExtremeWare XOS Guide Manual page 329

Concepts guide

Authenticating Users Using RADIUS or TACACS+

         Filter-Id = "unlim"
albert   Password = "password", Service-Type = Administrative
         Filter-Id = "unlim"
samuel   Password = "password", Service-Type = Administrative
         Filter-Id = "unlim"

RADIUS Per-Command Configuration Example

Building on this example configuration, you can use RADIUS to perform per-command authentication
to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is
available by contacting Extreme Networks technical support. The software is available in compiled
format for Solaris or Linux operating systems, as well as in source code format. For all clients that
use RADIUS per-command authentication, you must add the following type to the client file:

    type:extreme:nas + RAD_RFC + ACCT_RFC

Within the users configuration file, additional keywords are available for Profile-Name and
Extreme-CLI-Authorization. To use per-command authentication, enable the CLI authorization function
and indicate a profile name for that user. If authorization is enabled without specifying a valid
profile, the user is unable to perform any commands.

Next, define the desired profiles in an ASCII configuration file called profiles. This file contains
named profiles of exact or partial strings of CLI commands. A named profile is linked with a user
through the users file. A profile with the permit on keywords allows use of only the listed commands.
A profile with the deny keyword allows use of all commands except the listed commands.

CLI commands can be defined easily in a hierarchical manner by using an asterisk (*) to indicate any
possible subsequent entry. The parser performs exact string matches on other text to validate
commands. Commands are separated by a comma (,) or newline.

Looking at the following example content in profiles for the profile named PROFILE1, which uses the
deny keyword, the following attributes are associated with the user of this profile:

- Cannot use any command starting with enable.
- Cannot issue the disable ipforwarding command.
- Cannot issue a show switch command.
- Can perform all other commands.

We know from the users file that this applies to the users albert and lulu. We also know that eric is
able to log in, but is unable to perform any commands, because he has no valid profile assigned.

In PROFILE2, a user associated with this profile can use any enable command, the clear counters
command and the show management command, but can perform no other functions on the switch. We
also know from the users file that gerald has these capabilities.

The following lists the contents of the file users with support for per-command authentication:

user     Password = ""
         Filter-Id = "unlim"
admin    Password = "", Service-Type = Administrative
         Filter-Id = "unlim"

ExtremeWare XOS 11.3 Concepts Guide    329
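
The profile rules described on this page (permit on versus deny, the trailing asterisk, and the case of authorization enabled without a valid profile), worked through as an added example that is not from the manual or from the Extreme-modified Merit software. It is a simplified Python model: the function names, the dictionary layout and the profile bodies are assumptions constructed from the prose, since the syntax of the profiles file itself is not shown on this page.

```python
# Added example: simplified model of the profile rules, not the Merit server's parser.

def parse_entries(body):
    """Split a profile body on commas or newlines into lists of words."""
    chunks = body.replace("\n", ",").split(",")
    return [chunk.split() for chunk in chunks if chunk.strip()]

def entry_matches(pattern, words):
    """Exact word-for-word match; '*' accepts anything from that point on.
    Assumption: 'enable *' also covers a bare 'enable'."""
    for i, token in enumerate(pattern):
        if token == "*":
            return True
        if i >= len(words) or words[i] != token:
            return False
    return len(words) == len(pattern)

def authorize(user, command, users, profiles):
    """Return True if the user may run the command under the rules above."""
    record = users.get(user)
    if record is None:
        return False                      # unknown user
    if not record["cli_authorization"]:
        return True                       # per-command checks not enabled
    profile = profiles.get(record["profile"])
    if profile is None:
        return False                      # enabled, but no valid profile: no commands
    mode, body = profile
    words = command.split()
    listed = any(entry_matches(p, words) for p in parse_entries(body))
    return listed if mode == "permit" else not listed

# Constructed sample data following the prose description of PROFILE1 and PROFILE2.
PROFILES = {
    "PROFILE1": ("deny", "enable *, disable ipforwarding\nshow switch"),
    "PROFILE2": ("permit", "enable *, clear counters\nshow management"),
}
USERS = {
    "albert": {"cli_authorization": True, "profile": "PROFILE1"},
    "lulu": {"cli_authorization": True, "profile": "PROFILE1"},
    "gerald": {"cli_authorization": True, "profile": "PROFILE2"},
    "eric": {"cli_authorization": True, "profile": None},
}

if __name__ == "__main__":
    for user, cmd in [("albert", "enable ipforwarding"), ("albert", "show vlan"),
                      ("gerald", "show management"), ("gerald", "show switch"),
                      ("eric", "show switch")]:
        print(user, repr(cmd), "->", authorize(user, cmd, USERS, PROFILES))
```

In this model an exact deny entry such as disable ipforwarding does not cover longer forms of the same command, so a deny entry meant to block a whole command family needs the trailing asterisk.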
