4
Configuring RADIUS security
Example
BigIron RX(config)#show web
User
set
Syntax: show web
Configuring RADIUS security
You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the device:
•
•
•
•
NOTE
The device does not support RADIUS security for SNMP (IronView Network Manager) access.
RADIUS authentication, authorization, and accounting
When RADIUS authentication is implemented, the device consults a RADIUS server to verify user
names and passwords. You can optionally configure RADIUS authorization, in which the device
consults a list of commands supplied by the RADIUS server to determine whether a user can
execute a command he or she has entered, as well as accounting, which causes the device to log
information on a RADIUS accounting server when specified events occur on the device.
NOTE
By default, a user logging into the device through Telnet or SSH first enters the User EXEC level. The
user can then enter the enable command to get to the Privileged EXEC level.
A user that is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to
RADIUS authentication
When RADIUS authentication takes place, the following events occur.
1. A user attempts to gain access to the device by doing one of the following:
2. The user is prompted for a username and password.
3. The user enters a username and password.
4. The device sends a RADIUS Access-Request packet containing the username and password to
96
Telnet access
SSH access
Web management access
Access to the Privileged EXEC level and CONFIG levels of the CLI
"Entering privileged EXEC mode after a Telnet or SSH login"
•
Logging into the device using Telnet, SSH, or the Web management interface
•
Entering the Privileged EXEC level or CONFIG level of the CLI
the RADIUS server.
Privilege
IP address
0
192.168.1.234
on page 104.
BigIron RX Series Configuration Guide
53-1001810-01