Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

361

362

363

364

365

366

367

368

369

370

role, and many users can have the same role. When you enter a user role, you are authenticated and authorized. You do not need to enter

an enable password because you are automatically placed in EXEC mode.

OS10 supports the constrained RBAC model. With this model, you can inherit permissions when you create a new user role, restrict or add

commands a user can enter, and set the actions the user can perform. This allows greater exibility when assigning permissions for each

command to each role. Using RBAC is easier and more ecient to administer user rights. If a user’s role matches one of the allowed user

roles for that command, command authorization is granted.

A constrained RBAC model provides separation of duty as well as greater security. A constrained model place some limitations on each

role’s permissions to allow you to partition tasks. Some inheritance is possible. For greater security, only some user roles can view events,

audits, and security system logs.

RADIUS server host

When conguring a RADIUS server host, you can set dierent communication parameters, such as a user datagram protocol (UDP) port,

key password, number of retries, and timeout.

1 Enter the host name or IP address of the RADIUS server host in CONFIGURATION mode.

radius-server host [hostname | ip-address] [auth-port port-number | key authentication-key

2 Save the conguration.

do commit

The default RADIUS authentication port is 1812.

To congure multiple RADIUS server hosts, congure the radius-server host command multiple times. If you congure multiple

RADIUS server hosts, OS10 attempts to connect with them in the order you congured them. When the system attempts to authenticate a

user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject

response.

If you want to change an optional parameter setting for a specic host, use the radius-server host command.

Congure RADIUS server host

OS10(config)# radius-server host 1.2.4.5

OS10(config)# do commit

View RADIUS server host conguration

OS10# show running-configuration

...

radius-server host 1.2.4.5 key mysecret

...

Delete RADIUS server host

OS10# no radius server host 1.2.4.5

Server host settings

Congure global communication parameters and specic host parameters for the RADIUS server. If you congure both global and specic

host parameters, the specic host parameters override the global parameters for that RADIUS server host.

1 Congure the authentication key for all RADIUS communications between the system and RADIUS server hosts in CONFIGURATION

mode. Enter 7 to encrypt the password, or 0 to keep the password as plain-text.

radius-server key authentication-key

364

System management