User Authentication
For information about assigning a server group for user authentication, refer to the Roles and Policies chapter
of the AOS-W User Guide.
Management Authentication
Users who need to access the switch to monitor, manage, or configure the Alcatel-Lucent user-centric network
can be authenticated with RADIUS, TACACS+, or LDAP servers or the internal database.
Only user record attributes are returned upon successful authentication. Therefore, to derive a
management role other than the default mgmt auth role, set the server derivation rule based on the user
attributes.
Using the WebUI
1. Navigate to the Configuration > Management > Administration page.
2. Under the Management Authentication Servers section, select the following:
   - Enable check box
   - Server Group
3. Click Apply.
Using the CLI
(host)(config) #aaa authentication mgmt
   server-group <group>
   enable
Accounting
You can configure accounting for RADIUS and TACACS+ server groups.
RADIUS or TACACS+ accounting is only supported when RADIUS or TACACS+ is used for authentication.
RADIUS Accounting
RADIUS accounting allows user activity and statistics to be reported from the switch to RADIUS servers:
1. The switch generates an Accounting Start packet when a user logs in. The code field of the transmitted RADIUS
packet is set to 4 (Accounting-Request). Note that sensitive information, such as user passwords, is not
sent to the accounting server. The RADIUS server sends an acknowledgment of the packet.
2. The switch sends an Accounting Stop packet when a user logs off; the packet information includes various
statistics such as elapsed time, input and output bytes, and packets. The RADIUS server sends an
acknowledgment of the packet.
The following is the list of attributes that the switch can send to a RADIUS accounting server:
- Acct-Status-Type: This attribute marks the beginning or end of the accounting record for a user. Current
  values are Start, Stop, and Interim Update.
- User-Name: Name of user.
- Acct-Session-Id: A unique identifier to facilitate matching of accounting records for a user. It is derived
  from the user name, IP address, and MAC address. This is set in all accounting packets.
- Acct-Authentic: This indicates how the user was authenticated. Current values are 1 (RADIUS), 2 (Local),
  and 3 (LDAP).
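The following added example (not part of the AOS-W guide) shows how a collector on the accounting server side can validate an Accounting-Request and decode the four attributes listed above. The attribute type numbers and the authenticator calculation are taken from RFC 2866; the shared secret, user name, and session ID are constructed values, and the session ID format the switch actually produces is not assumed.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST, USER_PASSWORD = 4, 2    # RADIUS code 4; attribute type 2 (RFC 2865)
TEXT = {1: "User-Name", 44: "Acct-Session-Id"}
ENUM = {40: ("Acct-Status-Type", {1: "Start", 2: "Stop", 3: "Interim Update"}),
        45: ("Acct-Authentic", {1: "RADIUS", 2: "Local", 3: "LDAP"})}  # labels as listed above

def _authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_accounting_request(ident, attrs, secret):
    """Build a constructed sample packet from a list of (type, value-bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + _authenticator(header, body, secret) + body

def parse_accounting_request(packet, secret):
    """Validate and decode one packet; raise ValueError if malformed or not authentic."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError(f"code {code} is not Accounting-Request (4)")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs = packet[20:length]
    if not hmac.compare_digest(packet[4:20], _authenticator(packet[:4], attrs, secret)):
        raise ValueError("authenticator mismatch: wrong shared secret or altered packet")
    record, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, value = attrs[pos], attrs[pos + 2:pos + attrs[pos + 1]]
        if atype == USER_PASSWORD:          # passwords must never reach the accounting server
            raise ValueError("User-Password present in an accounting packet")
        if atype in TEXT:
            record[TEXT[atype]] = value.decode("utf-8", "replace")
        elif atype in ENUM:
            name, labels = ENUM[atype]
            record[name] = labels.get(int.from_bytes(value, "big"), "Unknown")
        pos += attrs[pos + 1]
    return record

SECRET = b"constructed-secret"              # sample values below are constructed
SAMPLE = build_accounting_request(7, [(1, b"admin1"), (40, b"\x00\x00\x00\x01"),
    (44, b"admin1-0001"), (45, b"\x00\x00\x00\x01")], SECRET)
```

Rejecting packets whose authenticator does not verify keeps forged or altered records out of the accounting log, and treating a User-Password attribute as an error catches a misconfigured client before credentials are written to disk.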
AOS-W 6.5.3.x | User Guide Authentication Servers | 206