RADIUS Attributes Reference
7750 SR RADIUS Attributes Reference Guide Page 133
61 NAS-Port-Type Mandatory included as type Virtual (5) for telnet/ssh or Async (0) for
Console.
95 NAS-IPv6-Address The identifying IP Address of the NAS requesting the Authentication or
Accounting. Included when the RADIUS server is reachable via IPv6.
The address is determined by the routing instance through which the RADIUS
server can be reached:
“Management” — The active IPv6 address in the Boot Options File (bof
address <ipv6-address>)
“Base” — The IPv6 address of the system interface (configure router
interface system ipv6 address <ipv6-address>). The address can be
overwritten with the configured ipv6-source-address (configure system
security source-address application6 radius <ipv6-address>)
26-6527-1 Timetra-Access Specifies the type of access (FTP, console access or both) the user is
permitted.
26-6527-2 Timetra-Home-
Directory
Specifies the local home directory for the user for console and FTP access and
is enforced with attribute [26-6527-3]Timetra-Restrict-To-Home. The home
directory is not enforced if [26-6527-3]Timetra-Restrict-To-Home is omitted.
The local home directory is entered from the moment when the authenticated
user enters the file CLI command.
26-6527-3 Timetra-Restrict-To-
Home
When the value is true the user is not allowed to navigate to directories above
his home directory for file access. The home-directory is specified in [26-
6527-2] Timetra-Home-Directory and is root if [26-6527-2] Timetra-Home-
Directory is omitted.
26-6527-4 Timetra-Profile The user profile(s) that the user has access to and refers to pre-configured
user-profile-name's (configure system security profile <user-profile-
name>). These pre-configured profiles hold a default-action, a match
command-string and a command-action. Unreferenced profiles names are
silently ignored. If the maximum number of profile strings is violated, or if a
string is too long, processing the input is stopped but authorization continues
and too long profile string (and all strings followed by that) are ignored. Each
user can have multiple profiles and the order is important. The first user
profile has highest precedence, followed by the second and so on. Note: For
each authenticated RADIUS user a temporary profile with name [1]User-
Name is always created (show system security profile) and executed as last
profile. This temporary profile is build from the mandatory attribute [26-
6527-5]Timetra-Default-Action and optional attributes [26-6527-6] Timetra-
Cmd, [26-6527-7] Timetra-Action.
26-6527-5 Timetra-Default-A ctio n Specifies the default action (permit-all, deny-all or none) when the user has
entered a command and none of the commands-strings in [26-6527-
6]Timetra-Cmd resulted in a match condition. The attribute is mandatory and
required even if the [36-6527-6] Timetra-Cmd's are not used.
Table 44: CLI User Authentication and Authorization (description) (Continued)
Attribute ID Attribute Name Description
To Next Page
Loading...
