White Papers

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5000

811

812

813

814

815

816

817

818

819

820

EXEC Privilege mode

disable level-number

• level-number: The level-number you wish to set.

If you enter disable without a level-number, your security level is 1.

RADIUS

Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol.

This protocol transmits authentication, authorization, and conguration information between a central RADIUS server and a RADIUS client

(the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and

password. The RADIUS server returns one of the following responses:

• Access-Accept — the RADIUS server authenticates the user.

• Access-Reject — the RADIUS server does not authenticate the user.

If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enabling the debug radius command.

Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP

as the transport protocol between the RADIUS server host and the client.

For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.

RADIUS Authentication and Authorization

Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specied as one of the login

authentication methods in the aaa authentication login command.

When conguring AAA authorization, you can congure to limit the attributes of services available to a user. When authorization is enabled,

the network access server uses conguration information from the user prole to issue the user's session. The user’s access is limited

based on the conguration attributes.

RADIUS exec-authorization stores a user-shell prole and that is applied during user login. You may name the relevant named-lists with

either a unique name or the default name. When the RADIUS server enables authorization, the server returns the following information to

the client:

• Idle time

• ACL conguration information

• Auto-command

• Privilege level

After gaining authorization for the rst time, you may congure these attributes.

NOTE

: RADIUS authentication/authorization is done for every login. There is no dierence between rst-time login and

subsequent logins.

Idle Time

Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used.

RADIUS species idle-time allow for a user during a session before timeout. When a user logs in, the lower of the two idle-time values

(congured or default) is used. The idle-time value is updated if both of the following happen:

816

Security