Product specifications
Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
Changing account access
The Access Privileges for an account can be added or deleted with the following
commands:
-> user add access lan myname
-> user delete access console myname
Adding a read-only class account
In the following example, a user account is created with read-only privilege for the
management class operations defined in the Network template; the user is enabled
and can access the router.
-> user add user myname secret network read enable
RADIUS
Remote Authentication Dial In User Service (RADIUS) is a client-server based
access control and authentication feature. The RADIUS client is a key-enabled
feature that resides locally on the router and works in conjunction with a variety of
RADIUS server applications.
The client is responsible for passing user information to designated RADIUS servers,
and then acting on the response which is returned. RADIUS servers are responsible
for receiving user connection requests, authenticating the user, and then returning all
configuration information necessary for the client to deliver service to the user.
When the router is configured to use RADIUS, a user attempting to log in presents
authentication information (username and password) to the router. Upon receipt, the
router will, if defined in the User Lookup setting, attempt to authenticate using
RADIUS. To do so, the router's RADIUS client creates an "Access-Request"
containing the username, the user's password, and the method by which the user is
accessing the system. The password is hidden using a method based on the RSA
Message Digest Algorithm MD5 [3].
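The password hiding described above, shown as an added example that is not code from this guide or from the router: it assumes the router's client follows the standard RADIUS User-Password encoding (RFC 2865, section 5.2) and builds a minimal Access-Request with only User-Name and User-Password. The shared secret, authenticator, identifier and password are constructed sample values.

```python
import hashlib
import os
import struct

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """Client side: hide the password as in RFC 2865 section 5.2."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each 16-byte chunk is XORed with MD5(secret + previous hidden chunk);
        # the first chunk uses the Request Authenticator in place of a chunk.
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: recover the password with the same shared secret."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        chunk = hidden[i:i + 16]
        out += _xor(chunk, hashlib.md5(secret + prev).digest())
        prev = chunk
    return out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret, authenticator=None):
    """Access-Request (code 1) with User-Name (type 1) and User-Password (type 2)."""
    # The authenticator must be unpredictable and never reused with one secret.
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

# Constructed sample values, not taken from the router or the guide.
SECRET = b"example-shared-secret"
AUTH = bytes(range(16))
PACKET = build_access_request(7, b"myname", b"a-password-longer-than-16-bytes", SECRET, AUTH)
```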
The Access-Request is submitted to the RADIUS server via the network. If no
response is returned within a length of time, the request is re-sent a specified number
of times. The router’s RADIUS client can also forward requests to a secondary server
in the event that the primary server is down or unreachable.