User guide
3-14 E
XTREME
W
ARE
S
OFTWARE
U
SER
G
UIDE
M
ANAGING
THE
S
WITCH
The privileges assigned to the user (admin versus non-admin) at the RADIUS server
take precedence over the configuration in the local switch database.
P
ER
-C
OMMAND
A
UTHENTICATION
U
SING
RADIUS
The RADIUS implementation can be used to perform per-command authentication.
Per-command authentication allows you to define several levels of user capabilities by
controlling the permitted command sets based on the RADIUS username and password.
You do not need to configure any additional switch parameters to take advantage of
this capability. The RADIUS server implementation automatically negotiates the
per-command authentication capability with the switch. For examples on per-command
RADIUS configurations, refer to the next section.
C
ONFIGURING RADIUS CLIENT
You can define primary and secondary server communication information, and for each
RADIUS server, the RADIUS port number to use when talking to the RADIUS server.
The default port value is 1645. The client IP address is the IP address used by the
RADIUS server for communicating back to the switch.
RADIUS commands are described in Ta b l e 3 - 2.