Owner's Manual

492 | Chapter 17. Security
NETGEAR 8800 User Manual
Based on the profiles listed in the example above and the users listed in the example in Configuring the Users File on page 490, command authorization for this example operates as follows:
- User eric is able to log in, but is unable to perform any commands, because he has no valid profile assigned.
- Users albert and lulu are assigned to PROFILE1, which uses the deny keyword, so their use of commands is as follows:
  - Cannot use any command starting with enable.
  - Cannot use the disable ipforwarding command.
  - Cannot use a show switch command.
  - Can perform all other commands.
- User gerald is assigned to PROFILE2, so his use of commands is as follows:
  - Can use any enable command, the clear counters command, and the show management command.
  - Cannot execute any other commands on the switch.
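The authorization outcomes listed above can be modelled as a small evaluator. This is an added example, not code from the manual or the switch software. The in-memory profile layout, the whole-word prefix matching, and the function name is_authorized are assumptions, because the profile file syntax is not shown in this section.

```python
# Added example: models the command-authorization outcomes described above.
# Assumption: each profile entry matches on a whole-word prefix, so the entry
# "enable" covers every command that starts with the word enable.

PROFILES = {
    # deny mode: listed commands are refused, everything else is allowed
    "PROFILE1": {"mode": "deny",
                 "commands": ["enable", "disable ipforwarding", "show switch"]},
    # permit mode: only listed commands are allowed
    "PROFILE2": {"mode": "permit",
                 "commands": ["enable", "clear counters", "show management"]},
}

# User-to-profile assignments from the text; None models "no valid profile".
USERS = {"eric": None, "albert": "PROFILE1", "lulu": "PROFILE1",
         "gerald": "PROFILE2"}


def is_authorized(user, command):
    """Return True if `user` may run `command` under the assigned profile."""
    profile = PROFILES.get(USERS.get(user))
    if profile is None:
        # Unknown user or no valid profile: login may succeed, commands do not.
        return False
    words = command.lower().split()
    if not words:
        return False
    # A command is "listed" when its leading words equal a profile entry.
    listed = any(words[:len(entry.split())] == entry.split()
                 for entry in profile["commands"])
    # permit profiles allow only listed commands; deny profiles refuse them.
    return listed if profile["mode"] == "permit" else not listed


if __name__ == "__main__":
    samples = ["enable ipforwarding", "disable ipforwarding", "show switch",
               "show management", "clear counters"]
    for user in USERS:
        for cmd in samples:
            verdict = "allow" if is_authorized(user, cmd) else "deny"
            print(f"{user:7} {cmd:22} {verdict}")
```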
Additional RADIUS Configuration Examples
RADIUS server. This section provides examples and guidelines for the following tasks:
- Installing and Testing the FreeRADIUS Server on page 492
- Configuring the FreeRADIUS Server on page 493
- Configuring the RADIUS-to-LDAP Attribute Mappings on page 494
- Configuring Additional Attributes Mappings on page 494
- Modifying the RADIUS Schema on page 494
- Configuring the Authentication Method for Supplicants on page 495
- Starting the FreeRADIUS Server on page 495
Installing and Testing the FreeRADIUS Server
RADIUS is a client/server protocol based on UDP. The example presented in this section
describes a RADIUS server that is a daemon process running on a Linux server.
The following example shows how to install and test a FreeRADIUS server:
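    tar -zxvf freeradius-1.0.2.tar.gz    # extract with gunzip and tar
    cd freeradius-1.0.2                  # enter the extracted source directory
    ./configure
    make
    make install                         # run this command as root
    radiusd                              # start RADIUS server, or...
    radiusd -X                           # ...start RADIUS server in debug mode
    # test RADIUS server: user test, password test, server localhost,
    # NAS port 0, shared secret testing123
    radtest test test localhost 0 testing123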
If radtest receives a response, the FreeRADIUS server is up and running.