Owner's Manual
482 | Chapter 17. Security
NETGEAR 8800 User Manual
Attribute 6: Service Type
NETGEAR switches have two levels of user privilege:
• Read-only
• Read-write
Because no command line interface (CLI) commands are available to modify the privilege
level, access rights are determined when you log in. For a RADIUS server to identify the
administrative privileges of a user, NETGEAR switches expect a RADIUS server to transmit
the Service-Type attribute in the Access-Accept packet, after successfully authenticating the
user.
NETGEAR switches grant a RADIUS-authenticated user read-write privilege if a
Service-Type value of 6 is transmitted as part of the Access-Accept message from the
RADIUS server. Other Service-Type values or no value, result in the switch granting
Service-Type RFC 2138 6 String Access-Accept Specifies the granted service
type in an Access-Accept
message. See
Attribute 6:
Service Type on page 482.
Session-Timeout RFC 2865 27 Integer Access-Accept,
Access-Challenge
Specifies how long the user
session can last before
authentication is required.
State RFC 2865 24 String Access-Challenge,
Access-Request
Site specific.
Termination-Action RFC 2865 29 Integer Access-Accept Specifies how the switch
should respond to service
termination.
Tunnel-Medium-
Type
RFC 2868 65 Integer Access-Accept Specifies the transport
medium used when creating
a tunnel for protocols (for
example, VLANs) that can
operate over multiple
transports.
Tunnel-Private-
Group-ID
RFC 2868 81 String Access-Accept Specifies the VLAN ID of the
destination VLAN after
successful authentication;
used to derive the VLAN
name.
Tunnel-Type RFC 2868 64 Integer Access-Accept Specifies the tunneling
protocol that is used.
User-Password RFC 2138 2 String Access-Request Specifies a password for
authentication.
Table 50. Standard RADIUS Attributes Used by Network Login (Continued)
Attribute RFC Attribute
Type
Format Sent-in Description