Specifications
Managing Access Server Security
RADIUS User Authorizations
The ultimate value for an authorization attribute may come from one of three
sources: the RADIUS server, the realm defaults, or port characteristics, in that
order of precedence. The choices for such features are:
1. For each RADIUS realm name you define, you can set various authorization
attributes for that realm. These values serve as defaults at the realm level:
when a RADIUS user tries to log in to the access server, these values are
assigned to authorization attributes if the user entry in the RADIUS server’s
users file does not assign a value for the corresponding attribute. If no
default for the attribute is provided in the realm, and the corresponding
attribute is not provided in the RADIUS server’s users file, then the access
server’s port characteristics are used if they have been previously defined.
2. One of the legal settings of the attributes in the realm is NONE. This special
value means unspecified. In this case, when a user attempts to log in, if the
value is not specified in the RADIUS server’s entry for the user name and the
attribute has the value NONE in the REALM, then the PORT configuration
parameter assigns the corresponding value.
The resulting value may still be unspecified, if the corresponding port
characteristic is unspecified or does not exist. Only a portion of the RADIUS
authorization attributes have a corresponding realm default or corresponding
port attribute.
User Access to the Access Server
The primary way to define a user’s type of access is to use the RADIUS server
attribute called “User-Service-Type”. The following table shows User-Service-
Type values that the access server supports:
Value                  Description
Login                  LAT/TELNET, depending on the Login-Service attribute or
                       DEFAULT PROTOCOL value in PORT.
Framed                 PPP/SLIP, depending on the Framed-Protocol attribute or
                       DEFAULT PROTOCOL value in PORT.
Callback-Login         User is first called back, then gets login.
Callback-Framed        PPP/SLIP user is first called back.
Administrative-User    NAS prompt with automatic privilege.
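
The following is an added example, not code from the access server or its documentation. It models the precedence described under RADIUS User Authorizations (RADIUS server, then realm default, then port characteristic) and applies it to the Login and Framed rows of the table above. The dictionary layout, function names and sample values are assumptions, as is the existence of a realm default for Login-Service.

```python
# Added example. Attribute names come from this page; the dictionary layout,
# function names and sample values are assumptions made for illustration.
NONE = "NONE"  # realm setting that means "unspecified"

# Port characteristic that backs an attribute, per the User-Service-Type table.
# Attributes missing here have no corresponding port characteristic.
PORT_MAP = {"Login-Service": "DEFAULT PROTOCOL",
            "Framed-Protocol": "DEFAULT PROTOCOL"}

def resolve(attr, radius_reply, realm_defaults, port_chars):
    """Return (value, source): RADIUS server, then realm default, then port."""
    if attr in radius_reply:
        return radius_reply[attr], "radius"
    realm_value = realm_defaults.get(attr, NONE)
    if realm_value != NONE:
        return realm_value, "realm"
    port_key = PORT_MAP.get(attr)
    if port_key is not None and port_chars.get(port_key) is not None:
        return port_chars[port_key], "port"
    return None, "unspecified"  # nothing supplied at any level

def session_protocol(radius_reply, realm_defaults, port_chars):
    """Resolve the protocol attribute selected by User-Service-Type."""
    service, _ = resolve("User-Service-Type", radius_reply, realm_defaults, port_chars)
    attr = {"Login": "Login-Service", "Framed": "Framed-Protocol"}.get(service)
    if attr is None:  # Administrative-User, callback types (not modelled), or unset
        return None, "unspecified"
    return resolve(attr, radius_reply, realm_defaults, port_chars)

if __name__ == "__main__":
    realm = {"Login-Service": NONE}            # constructed realm defaults
    port = {"DEFAULT PROTOCOL": "LAT"}         # constructed port characteristics
    users = {                                  # constructed RADIUS replies
        "alice": {"User-Service-Type": "Login", "Login-Service": "Telnet"},
        "bob": {"User-Service-Type": "Login"},
        "carol": {"User-Service-Type": "Administrative-User"},
    }
    for name, reply in users.items():
        print(name, resolve("User-Service-Type", reply, realm, port),
              session_protocol(reply, realm, port))
```

Reporting the source alongside the value shows which sessions are governed by the users file and which silently fall through to realm or port settings.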










