Dell PowerConnect 5212 Addendum to the User's Guide - Page 15
RADIUS Configuration for Management Access - password
View all Dell PowerConnect 5212 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 15 highlights
Y1836bk0.book Page 13 Tuesday, July 15, 2003 12:55 PM attributes. Standard RADIUS packets and attributes are defined in RFC 2865, RADIUS. When configuring the RADIUS server, certain attributes and values need to be specified to control the authorization of users on the switch. NOTE: The RADIUS server must be configured separately for each switch that needs to use its services. The switch and RADIUS server must be configured correctly to process authentication communications. This applies to both authentication to gain management access to the switch, and to IEEE 802.1x port authentication for network access. For the RADIUS server to communicate with the switch, the following basic parameters must first be configured on the server: • The IP address of the switch • The RADIUS secret text key used by the server and the switch • The UDP ports used to communicate with the switch (The default on the switch is port 1812.) Refer to your RADIUS server documentation for information on configuring these specific parameters. The server configuration for users and specific RADIUS attributes depend on whether authentication is for management access to the switch or for IEEE 802.1x port authentication. The configuration details for each application are in the following sections. RADIUS Configuration for Management Access Each user who requires management access to the switch must be configured on the RADIUS server. When setting up the client user database, include the following information: • User Name. • Password. • RADIUS attribute service type - This attribute (type number 6) returns the privilege level of the user to the switch. Select Administrative (value 6) for users that are allowed privileged exec access. Any other value received by the switch allows only normal exec access. The switch requires a special user name to be configured on the RADIUS server to enable privileged exec access from normal exec access using the CLI command enable. Configure a user name of $Enable with a password enable. Then set the Service-Type attribute to Administrative. NOTE: Other attributes can be configured on the RADIUS server, which if passed to the switch will be ignored. Refer to your RADIUS server documentation for information on configuring a user database and specific attributes. Documentation Update 13