User's Manual

RADIUS Server Authentication
Horizon Compact Plus Release 1.0.1 Wireless Ethernet Product User Manual Volume 2
6.1 Configuring the RADIUS Server
To support the DragonWave RADIUS application, each RADIUS server on the network must be
provided with a Vendor Specific Attribute (VSA) file. The VSA file defines the DragonWave
user privilege levels (Admin, NOC, Super-User) that are allocated to users. User definitions
can use the DragonWave-Privilege-Level attribute to assign access privileges. If the VSA is
missing, RADIUS logs the user in at the Admin level only. If a VSA is present but invalid,
access is denied.
A typical VSA file is shown below. If the DragonWave-Privilege-Level attribute is absent and
“radius super user strict on” is set, users cannot gain access to the device using the CLI.
Note that the Web server does not use RADIUS authentication at all. If you want the system to be
100% RADIUS secured, then you need to disable the Web server (set web server off).
############################################################################
##
# DragonWave VSAs
#
############################################################################
#
VENDOR DragonWave 7262
BEGIN-VENDOR DragonWave
# Used to determine the user login privilege level.
ATTRIBUTE DragonWave-Privilege-Level 1 integer
# Read-only access.
VALUE DragonWave-Privilege-Level DragonWave-Admin-User 1
# Limited read-write access.
VALUE DragonWave-Privilege-Level DragonWave-NOC-User 2
# Unlimited read-write access.
VALUE DragonWave-Privilege-Level DragonWave-Super-User 3
END-VENDOR DragonWave
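
The sketch below shows how the attribute defined in this VSA file appears in a RADIUS reply, and the CLI login outcome described above for each case. It is an added example, not DragonWave code: it assumes the standard RFC 2865 Vendor-Specific layout, treats a wrong length or a value outside 1 to 3 as "invalid", and all function names are illustrative.

```python
import struct

VENDOR_ID = 7262   # "VENDOR DragonWave 7262" in the VSA file
PRIV_ATTR = 1      # "ATTRIBUTE DragonWave-Privilege-Level 1 integer"
LEVELS = {1: "DragonWave-Admin-User", 2: "DragonWave-NOC-User",
          3: "DragonWave-Super-User"}

def encode_privilege(level):
    """Build the Vendor-Specific (type 26) attribute carrying the level."""
    sub = struct.pack("!BBI", PRIV_ATTR, 6, level)   # vendor type, vendor length, value
    return struct.pack("!BBI", 26, 6 + len(sub), VENDOR_ID) + sub

def find_privilege(attrs):
    """Walk a RADIUS attribute list; return 'missing', 'invalid' or the level name."""
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            return "invalid"                         # truncated or malformed list
        atype, alen = attrs[i], attrs[i + 1]
        body = attrs[i + 2:i + alen]
        i += alen
        if atype != 26 or len(body) < 6:
            continue                                 # not a usable Vendor-Specific attribute
        vendor, vtype, vlen = struct.unpack("!IBB", body[:6])
        if vendor != VENDOR_ID or vtype != PRIV_ATTR:
            continue                                 # some other vendor or attribute
        if vlen != 6 or len(body) != 10:
            return "invalid"                         # an integer value is exactly 4 octets
        return LEVELS.get(struct.unpack("!I", body[6:])[0], "invalid")
    return "missing"

def cli_login_outcome(attrs, strict=False):
    """Outcome the manual describes; strict mirrors 'radius super user strict on'."""
    found = find_privilege(attrs)
    if found == "invalid":
        return "denied"
    if found == "missing":
        return "denied" if strict else "DragonWave-Admin-User"
    return found

if __name__ == "__main__":
    reply_message = b"\x12\x04ok"   # constructed Reply-Message (type 18) attribute
    cases = {"super user": reply_message + encode_privilege(3),
             "no VSA": reply_message,
             "bad value": encode_privilege(9)}
    for name, attrs in cases.items():
        print(name, cli_login_outcome(attrs), cli_login_outcome(attrs, strict=True))
```

Comparing the encoded bytes against a packet capture of the server's Access-Accept confirms whether the RADIUS server is actually returning the privilege attribute for a given user.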