Specifications
Chapter 2. IBM System Networking Switch 10Gb Ethernet switch features
Supports a user-configurable RADIUS application port. The default is UDP port 1645. UDP port 1812, based on RFC 2138, is also supported.
Allows the network administrator to define, at the RADIUS user database, privileges for one or more specific users to access the switch.
Switch user accounts
The user accounts listed in Table 2-1 can be defined in the RADIUS server dictionary file.
Table 2-1 User access levels

| User account | Description and tasks performed | Password |
| --- | --- | --- |
| User | The user has no direct responsibility for switch management. The user can view all switch status information and statistics, but cannot make any configuration changes to the switch. | user |
| Operator | The operator manages all functions of the switch. The operator can reset ports, except the management port. | oper |
| Administrator | The super-user administrator has complete access to all commands, information, and configuration commands on the switch, including the ability to change both the user and administrator passwords. | admin |

RADIUS attributes for IBM Networking OS user privileges
When the user logs in, the switch authenticates the user’s level of access by sending the RADIUS access request, that is, the client authentication request, to the RADIUS authentication server.
If the remote user is successfully authenticated by the authentication server, the switch verifies the privileges of the remote user and authorizes the appropriate access. The administrator can allow secure back door access through Telnet/SSH/BBI (or Telnet, SSH, HTTP, and HTTPS in the case of Virtual Fabric 10Gb Switch Module for IBM BladeCenter). Secure back door provides switch access when the RADIUS servers cannot be reached. You can always access the switch through the console port, by using the noradius user ID and the administrator password, whether the secure back door is enabled or not.
All user privileges, other than the ones assigned to the administrator, must be defined in the RADIUS dictionary. RADIUS attribute 6, which is built into all RADIUS servers, defines the administrator. The file name of the dictionary is RADIUS vendor-dependent. The following RADIUS attributes are defined for IBM Networking OS user privilege levels:

Table 2-2 IBM System Networking switches proprietary attributes for RADIUS

| User name/access | User-Service-Type | Value |
| --- | --- | --- |
| User | Vendor-supplied | 255 |
| Operator | Vendor-supplied | 252 |
| Admin | Vendor-supplied | 6 |