Radius Authentication And Authorization; Idle Time - Dell Force10 MXL Blade Configuration Manual
Configuration guide for the mxl 10/40gbe switch io module
Hide thumbs
Also See for Force10 MXL Blade:
- Reference manual (732 pages) ,
- Deployment manual (89 pages) ,
- Getting started manual (38 pages)
Table of Contents
Advertisement
Transactions between the RADIUS server and the client are encrypted (the users' passwords are not sent in
plain text). RADIUS uses the user datagram protocol (UDP) as the transport protocol between the
RADIUS server host and the client.
For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
RADIUS Authentication and Authorization
FTOS supports RADIUS for user authentication (text password) at login and you can specify it as one of
the login authentication methods in the
When configuring AAA authorization, you can configure to limit the attributes of services available to a
user. When you enable authorization, the network access server uses configuration information from the
user profile to issue the user's session. The user's access is limited based on the configuration attributes.
RADIUS exec-authorization stores a user-shell profile and that is applied during user login. You may name
the relevant named-lists with either a unique name or the default name. When authorization is enabled by
the RADIUS server, the server returns the following information to the client:
•
Idle time
•
ACL configuration information
•
Auto-command
•
Privilege level
After gaining authorization for the first time, you may configure the following attributes:
Note: RADIUS authentication/authorization is done for every login. There is no difference between
first-time login and subsequent logins.
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30
minutes is used. RADIUS specifies idle-time allow for a user during a session before timeout. When a user
logs in, the lower of the two idle-time values (configured or default) is used. The idle-time value is updated
if both of the following happens:
•
The administrator changes the idle-time of the line on which the user has logged in.
•
The idle-time is lower than the RADIUS-returned idle-time.
ACL
The RADIUS server can specify an access control list (ACL). If an ACL is configured on the RADIUS
server, and if that ACL is present, a user may be allowed access based on that ACL. If the ACL is absent,
authorization fails, and a message is logged indicating the this.
command.
aaa authentication login
Security | 485
- Quick Links:
- Accessing the Command Line
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
