Users Guide
• Auto-Command
• Privilege Levels Overview
After gaining authorization for the rst time, you may congure these attributes.
NOTE: RADIUS authentication/authorization is done for every login. There is no dierence between rst-time login and
subsequent logins.
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used.
RADIUS species idle-time allow for a user during a session before timeout. When a user logs in, the lower of the two idle-time values
(congured or default) is used. The idle-time value is updated if both of the following happens:
• The administrator changes the idle-time of the line on which the user has logged in.
• The idle-time is lower than the RADIUS-returned idle-time.
ACL Conguration Information
The RADIUS server can specify an ACL. If an ACL is congured on the RADIUS server, and if that ACL is present, the user may be allowed
access based on that ACL.
If the ACL is absent, authorization fails, and a message is logged indicating this.
RADIUS can specify an ACL for the user if both of the following are true:
• If an ACL is absent.
• If there is a very long delay for an entry, or a denied entry because of an ACL, and a message is logged.
NOTE
: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported.
Authorization is denied in cases using Extended ACLs.
Auto-Command
You can congure the system through the RADIUS server to automatically execute a command when you connect to a specic line.
The auto-command command is executed when the user is authenticated and before the prompt appears to the user.
• Automatically execute a command.
auto-command
Setting Access to Privilege Levels through RADIUS
To congure a privilege level for the user to enter into when they connect to a session, use the following command.
Congure a privilege level for the user to enter into when they connect to a session through the RADIUS server.
privilege level
Security
721