Reference Guide

To move to a lower privilege level, enter the command disable followed by the level-number you wish to
set for the user in the EXEC Privilege mode. If you enter disable without a level-number, your security
level is 1.
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server protocol. This
protocol transmits authentication, authorization, and configuration information between a central RADIUS
server and a RADIUS client (the Dell Networking system). The system sends user information to the
RADIUS server and requests authentication of the user and password. The RADIUS server returns one of
the following responses:
Access-Accept—the RADIUS server authenticates the user
Access-Reject—the RADIUS server does not authenticate the user
If an error occurs in the transmission or reception of RADIUS packets, the error can be viewed by enabling
the debug radius command.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in
plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client.
For more information on RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
RADIUS Authentication and Authorization
FTOS supports RADIUS for user authentication (text password) at login, and RADIUS can be specified as one
of the login authentication methods in the aaa authentication login command.
When configuring AAA authorization, you can limit the attributes of services available to a user. When
authorization is enabled, the network access server uses configuration information from the user profile
to establish the user's session. The user's access is limited based on the configuration attributes.
FTOS supports the following RADIUS attributes:
Code  Attribute
1     RADIUS_USER_NAME
2     RADIUS_USER_PASSWORD
4     RADIUS_NAS_IP_ADDRESS
5     RADIUS_NAS_PORT
11    RADIUS_FILTER_ID (for ACL)
26    RADIUS_VENDOR_SPECIFIC (privilege level/auto-command)
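
The following is an added example, not part of the original guide or of FTOS: a bounds-checked parser for the RFC 2865 packet layout that names the attribute codes listed above, useful when reading a capture of the server's reply alongside debug radius output. The sample packet, ACL name, vendor ID and vendor data are constructed placeholders.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}  # RFC 2865
ATTRS = {1: "RADIUS_USER_NAME", 2: "RADIUS_USER_PASSWORD",
         4: "RADIUS_NAS_IP_ADDRESS", 5: "RADIUS_NAS_PORT",
         11: "RADIUS_FILTER_ID", 26: "RADIUS_VENDOR_SPECIFIC"}  # codes from the table above

def parse_radius(packet: bytes):
    """Return (code name, identifier, [(attribute name, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not fit the datagram")
    attrs, pos = [], 20              # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        value = packet[pos + 2:pos + alen]
        if atype == 26:              # Vendor-Specific: 4-byte vendor ID, then vendor data
            if len(value) < 4:
                raise ValueError("Vendor-Specific attribute too short")
            value = (struct.unpack("!I", value[:4])[0], value[4:])
        attrs.append((ATTRS.get(atype, f"unlisted({atype})"), value))
        pos += alen
    return CODES.get(code, f"code({code})"), ident, attrs

def tlv(atype: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value

def sample_accept() -> bytes:
    """Constructed Access-Accept; ACL name, vendor ID and vendor data are made up."""
    body = tlv(11, b"MGMT-ACL") + tlv(26, struct.pack("!I", 99999) + b"\x01\x03\x0f")
    return struct.pack("!BBH", 2, 7, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(parse_radius(sample_accept()))
```

The parser checks field lengths only; it does not verify the Response Authenticator, so it says nothing about whether a reply really came from the configured server.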