4
Configuring RADIUS security
TABLE 37
Field
Tacacs+ Server
connection
The show web command displays the privilege level of Web Management Interface users.
BigIron RX(config)#show web
User
set
Syntax: show web
Configuring RADIUS security
You can use a Remote Authentication Dial In User Service (RADIUS) server to secure the following
types of access to the device:
•
•
•
•
NOTE
The BigIron RX does not support RADIUS security for SNMP (IronView Network Manager) access.
RADIUS authentication, authorization, and accounting
When RADIUS authentication is implemented, the BigIron RX consults a RADIUS server to verify
user names and passwords. You can optionally configure RADIUS authorization, in which the
BigIron RX consults a list of commands supplied by the RADIUS server to determine whether a user
can execute a command he or she has entered, as well as accounting, which causes the device to
log information on a RADIUS accounting server when specified events occur on the device.
NOTE
By default, a user logging into the device through Telnet or SSH first enters the User EXEC level. The
user can then enter the enable command to get to the Privileged EXEC level.
A user that is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to
98
Output of the show aaa command for TACACS and TACACS+ (Continued)
Description
For each TACACS and TACACS+ server, the IP address, port, and the following statistics
are displayed:
opensNumber of times the port was opened for communication with the server
closesNumber of times the port was closed normally
timeoutsNumber of times port was closed due to a timeout
errorsNumber of times an error occurred while opening the port
packets inNumber of packets received from the server
packets outNumber of packets sent to the server
The current connection status. This can be "no connection" or "connection active".
Telnet access
SSH access
Web management access
Access to the Privileged EXEC level and CONFIG levels of the CLI
"Entering privileged EXEC mode after a Telnet or SSH login"
Privilege
IP address
0
192.168.1.234
on page 106.
BigIron RX Series Configuration Guide
53-1002253-01