Configuring Radius Authorization For User Privileged Access And Network Services - Allen-Bradley Stratix 5100 User Manual

Chapter 14 Configuring RADIUS and TACACS+ Servers
418
entries on the same RADIUS server configured for the same services. The second
host entry acts as a fail-over backup to the first entry.
AP(config)# aaa new-model
AP(config)# radius-server host 172.20.0.1 auth-port
1000 acct-port 1001
AP(config)# radius-server host 172.10.0.1 auth-port
1645 acct-port 1646
AP(config)# aaa group server radius group1
AP(config-sg-radius)# server 172.20.0.1 auth-port
1000 acct-port 1001
AP(config-sg-radius)# exit
AP(config)# aaa group server radius group2
AP(config-sg-radius)# server 172.20.0.1 auth-port
2000 acct-port 2001
AP(config-sg-radius)# exit
Configuring RADIUS Authorization for User Privileged Access and
Network Services
AAA authorization limits the services available to a user. When AAA
authorization is enabled, the access point uses information retrieved from the
user's profile, that is in the local user database or on the security server, to
configure the user's session. The user is granted access to a requested service only
if the information in the user profile allows it.
This section describes setting up authorization for access point administrators,
TIP
not for wireless client devices.
You can use the
aaa authorization
the keyword to set parameters that restrict a user's network access to
radius
privileged EXEC mode.
The
aaa authorization exec radius local
authorization parameters:
• Use RADIUS for privileged EXEC access authorization if authentication
was performed by using RADIUS.
• Use the local database if authentication was not performed by using
RADIUS.
Authorization is bypassed for authenticated users who log in through CLI even
TIP
if authorization has been configured.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
global configuration command with
command sets these