Specifications
Configuring RADIUS
SecureStack B2 Configuration Guide 19-3
EachusercanbeconfiguredintheRADIUSserverdatabasewithaRADIUSFilter‐IDattribute
thatspecifiesthenameofthepolicyprofileand/ormanagementleveltheusershouldbeassigned
uponsuccessfulauthentication.Duringtheauthenticati onprocess,whentheRADIUSserver
returnsaRADIUSAccess‐Acceptmessagethatincludes
aFilter‐IDmatchingapolicyprofilename
configuredontheswitch,theswitchthendynamicallyappliesthepolicyprofiletothephysical
porttheuser/deviceisauthenticatingon.
Filter-ID Attribute Formats
EnterasysNetworkssupportstwoFilter‐IDformats—“decorated”and“undecorated.”The
decoratedformathasthreeforms:
•Tospecifythepolicyprofiletoassigntotheauthenticatinguser(networkaccess
authentication):
Enterasys:version=1:policy=string
wherestringspecifiesthe policyprofilename.Policyprofilenamesarecase‐sensitive.
•Tospecifyamanagementlevel(managementaccess
authentication):
Enterasys:version=1:mgmt=level
wherelevelindicatesthemanagementlevel,eitherro,rw,orsu.
•Tospecifybothmanagementlevelandpolicyprofile:
Enterasys:version=1:mgmt=level:policy=string
Theundecoratedformatissimplyastringthatspecifiesapolicyprofilename.Theundecorated
formatcannotbeusedformanagementaccessauthentication.
DecoratedFilter‐IDsareprocessed
firstbytheswitch.IfnodecoratedFilter‐IDsarefound,then
undecoratedFilter‐IDsare processed.IfmultipleFilter‐IDsarefoundthatcontainconflicting
values,aSyslogmessageisgenerated.
Configuring RADIUS
Purpose
Toperformthefollowing:
•ReviewtheRADIUSclient/serverconfigurationontheswitch.
•EnableordisabletheRADIUSclient.
•Setlocalandremoteloginoptions.
•Setprimaryandsecondaryserverparameters,includingIPaddress,timeoutperiod,
authenticationrealm,andnumberofuserloginattemptsallowed.
•ResetRADIUSserversettingstodefaultvalues.
• ConfigureaRADIUS
accountingserver.