Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 6248 » Manual Viewer

Dell PowerConnect 6248 Configuration Guide - Page 118

RADIUS Configuration Examples, Example #1: Basic RADIUS Server Configuration

View all Dell PowerConnect 6248 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 118 highlights

attributes containing configuration information. If the server rejects the user, it returns a negative result. If the server rejects the client or the shared "secrets" differ, the server returns no result. If the server requires additional verification from the user, it returns a challenge, and the request process begins again. If you use a RADIUS server to authenticate users, you must configure user attributes in the user database on the RADIUS server. The user attributes include the user name, password, and privilege level. NOTE: To set the privilege level, use the Service-Type attribute. Do not us any vendor-specific attribute value pairs. The following example shows an entry in the FreeRADIUS /etc/raddb/users file that allows a user (name: admin) to log onto the switch with read/write privileges, which is equivalent to privilege level 15. admin Auth-Type := Local, User-Password == "pass1234" Service-Type = NAS-Prompt-User enable Auth-Type := Local, User-Password == "pass5678" Service-Type = Administrative-User The values for the Service-Type attribute are as follows: • NAS-Prompt-User indicates the user should be provided a command prompt on the NAS, from which nonprivileged commands can be executed. • Administrative-User indicates the user should be granted access to the administrative interface to the NAS, from which privileged commands can be executed. RADIUS Configuration Examples This section contains examples of commands used to configure RADIUS settings on the switch. Example #1: Basic RADIUS Server Configuration This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The shared secrets are configured to be secret1 and secret2 respectively. The server at 10.10.10.10 is configured as the primary server. The process creates a new authentication list, called radiusList, which uses RADIUS as the primary authentication method, and local authentication as a backup method in the event that the RADIUS server cannot be contacted. 118 Device Security

Section	Page
Configuration Guide	1
Contents	3
About this Document	9
Organization	9
Additional Documentation	10
System Configuration	11
Traceroute	12
CLI Example	12
Configuration Scripting	13
Overview	13
Considerations	13
CLI Examples	14
Outbound Telnet	16
Overview	16
CLI Examples	17
Simple Network Time Protocol (SNTP)	17
Overview	17
CLI Examples	18
Syslog	20
Overview	20
CLI Examples	20
Port Description	22
CLI Example	22
Storm Control	23
CLI Example	23
Cable Diagnostics	25
Copper Port Cable Test	25
Fiber Port Cable Test	27
Switching Configuration	29
Virtual LANs	29
VLAN Configuration Example	30
CLI Examples	31
Web Interface	33
IP Subnet and MAC-Based VLANs	34
CLI Examples	34
Private Edge VLANs	35
CLI Example	36
Voice VLAN	37
Using Voice VLAN	37
Interaction with LLDP-MED	38
IGMP Snooping	40
CLI Examples	40
IGMP Snooping Querier	43
CLI Examples	43
Link Aggregation/Port Channels	45
CLI Example	46
Web Interface Configuration: LAGs/Port-channels	48
Port Mirroring	49
Overview	49
CLI Examples	49
Port Security	50
Overview	50
Operation	50
CLI Examples	51
Link Layer Discovery Protocol	52
CLI Examples	52
Denial of Service Attack Protection	54
Overview	54
CLI Examples	55
DHCP Snooping	56
CLI Examples	59
sFlow	67
Overview	67
sFlow Agents	68
CLI Examples	69
Routing Configuration	73
VLAN Routing	74
CLI Examples	74
Using the Web Interface to Configure VLAN Routing	76
Virtual Router Redundancy Protocol	77
CLI Examples	77
Using the Web Interface to Configure VRRP	79
Proxy Address Resolution Protocol (ARP)	80
Overview	80
CLI Examples	80
OSPF	81
OSPF Concepts and Terms	81
CLI Examples	83
Routing Information Protocol	92
RIP Configuration	92
CLI Examples	93
Using the Web Interface to Configure RIP	94
Route Preferences	95
Assigning Administrative Preferences to Routing Protocols	95
Using Equal Cost Multipath	97
Loopback Interfaces	99
IP Helper	100
CLI Examples	102
Device Security	105
802.1x Network Access Control	106
802.1x Network Access Control Examples	106
802.1X Authentication and VLANs	109
Authenticated and Unauthenticated VLANs	109
Guest VLAN	109
CLI Examples	110
Authentication Server Filter Assignment	111
Access Control Lists (ACLs)	111
Overview	111
MAC ACLs	113
IP ACLs	114
ACL Configuration Process	114
IP ACL CLI Example	115
Configuring a MAC ACL	116
RADIUS	117
RADIUS Configuration Examples	118
TACACS+	120
TACACS+ Configuration Example	120
802.1x MAC Authentication Bypass (MAB)	122
Operation in the Network	122
CLI Examples	123
Captive Portal	125
Overview	125
Functional Description	125
Captive Portal Configuration, Status and Statistics	126
Captive Portal Status	128
Captive Portal Statistics	129
CLI Examples	129
IPv6	135
Overview	135
Interface Configuration	135
CLI Example	136
Quality of Service	139
Class of Service Queuing	139
Ingress Port Configuration	139
Egress Port Configuration—Traffic Shaping	140
Queue configuration	140
Queue Management Type	140
CLI Examples	140
Differentiated Services	143
CLI Example	144
DiffServ for VoIP Configuration Example	146
Multicast	149
Overview	149
When to Enable IP Multicast on the PowerConnect 6200 Series Switch	150
IGMP Configuration	150
CLI Example	150
IGMP Proxy	151
CLI Examples	151
DVMRP	152
CLI Example	153
PIM	154
PIM-SM	154
PIM-DM	155
Multicast Routing and IGMP Snooping	157
Utility	161
Auto Config	162
Overview	162
Functional Description	162
CLI Examples	167
Nonstop Forwarding on a Switch Stack	168
Initiating a Failover	168
Checkpointing	168
Switch Stack MAC Addressing and Stack Design Considerations	170
NSF Network Design Considerations	170
NSF Default Behavior	170

Match case Limit results 1 per page

118

Device Security

attributes containing configuration information. If the server rejects the user, it returns a negative result.

If the server rejects the client or the shared “secrets” differ, the server returns no result. If the server

requires additional verification from the user, it returns a challenge, and the request process begins again.

If you use a RADIUS server to authenticate users, you must configure user attributes in the user database

on the RADIUS server. The user attributes include the user name, password, and privilege level.

NOTE:

To set the privilege level, use the

Service-Type

attribute. Do not us any vendor-specific attribute

value pairs.

The following example shows an entry in the FreeRADIUS

/etc/raddb/users

file that allows a

user (name: admin) to log onto the switch with read/write privileges, which is equivalent to privilege level

15.

admin

Auth-Type := Local,

User-Password == "pass1234"

Service-Type = NAS-Prompt-User

enable

Auth-Type := Local,

User-Password == "pass5678"

Service-Type = Administrative-User

The values for the Service-Type attribute are as follows:

•

NAS-Prompt-User

indicates the user should be provided a command prompt on the NAS, from

which nonprivileged commands can be executed.

•

Administrative-User

indicates the user should be granted access to the administrative

interface to the NAS, from which privileged commands can be executed.

RADIUS Configuration Examples

This section contains examples of commands used to configure RADIUS settings on the switch.

Example #1: Basic RADIUS Server Configuration

This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique

shared secret key. The shared secrets are configured to be

secret1

and

secret2

respectively. The server at

10.10.10.10 is configured as the primary server. The process creates a new authentication list, called

radiusList, which uses RADIUS as the primary authentication method, and local authentication as a

backup method in the event that the RADIUS server cannot be contacted.