Reference Guide
Enabling and disabling privilege levels
Enter the enable or enable privilege-level command in the EXEC Privilege mode to set a user’s security
level. If you do not enter a privilege level, FTOS sets it to 15 by default.
To move to a lower privilege level, enter the command disable followed by the level-number you wish to
set for the user in the EXEC Privilege mode. If you enter disable without a level-number, your security
level is 1.
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server protocol. This
protocol transmits authentication, authorization, and configuration information between a central RADIUS
server and a RADIUS client (the Dell Networking system). The system sends user information to the
RADIUS server and requests authentication of the user and password. The RADIUS server returns one of
the following responses:
• Access-Accept—the RADIUS server authenticates the user
• Access-Reject—the RADIUS server does not authenticate the user
If an error occurs in the transmission or reception of RADIUS packets, the error can be viewed by enabling
the debug radius command.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in
plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client.
For more information on RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
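The packet handling that RFC 2865 specifies for the exchange described above, as an added example (not code from this guide or from FTOS): only the User-Password attribute is hidden with the shared secret, and the client checks the Response Authenticator before trusting an Access-Accept or Access-Reject. The shared secret, user name, password and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # packet codes, RFC 2865
USER_NAME, USER_PASSWORD = 1, 2                         # attribute types, RFC 2865

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password.ljust(max(1, -(-len(password) // 16)) * 16, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, request_auth):
    """Client side: only User-Password is hidden; User-Name stays readable."""
    hidden = hide_password(password, secret, request_auth)
    attrs = bytes([USER_NAME, 2 + len(user)]) + user
    attrs += bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_response(code, ident, request_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def check_response(packet, ident, request_auth, secret):
    """Client side: verify the reply before trusting its Accept/Reject code."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or not 20 <= length <= len(packet):
        raise ValueError("identifier or length does not match the request")
    body = packet[:length]
    expected = hashlib.md5(body[:4] + request_auth + body[20:] + secret).digest()
    if not hmac.compare_digest(expected, body[4:20]):
        raise ValueError("Response Authenticator mismatch (wrong secret or altered reply)")
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT):
        raise ValueError("unexpected RADIUS code %d" % code)
    return "Access-Accept" if code == ACCESS_ACCEPT else "Access-Reject"

# Constructed sample values, not from the guide; a real client draws the
# 16-byte Request Authenticator from os.urandom(16) for every request.
SECRET, REQ_AUTH = b"constructed-shared-secret", bytes(range(16))
REQUEST = build_access_request(7, b"admin", b"constructed-pw", SECRET, REQ_AUTH)
```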
RADIUS Authentication and Authorization
FTOS supports RADIUS for user authentication (text password) at login and can be specified as one of the
login authentication methods in the aaa authentication login command.
When configuring AAA authorization, you can limit the attributes of services available to a
user. When authorization is enabled, the network access server uses configuration information from the
user profile to set up the user's session. The user’s access is limited based on the configuration attributes.
RADIUS exec-authorization stores a user-shell profile that is applied during user login. You may name
the relevant named-lists with either a unique name or the default name. When authorization is enabled by
the RADIUS server, the server returns the following information to the client:
• Idle time
• ACL configuration information
• Auto-command
• Privilege level










