EasyManua.ls Logo

Alcatel-Lucent AOS-W 6.5.3.x - Page 837

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuring RADIUS Server Username and Password Authentication
In this example, an external RADIUS server is used to authenticate management users. Upon authentication,
users are assigned the default role root.
In the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select RADIUS Server to display the Radius Server List.
a. To configure a RADIUS server, enter the name for the server (for example, rad1) and click Add.
b. Select the name to configure server parameters, such as IP address. Select the Mode checkbox to
activate the server.
c. Click Apply.
3. Select Server Group to display the Server Group list.
a. Enter the name of the new server group (for example, corp_rad) and click Add.
b. Select the name to configure the server group.
c. Under Servers, click New to add a server to the group.
d. Select a server from the drop-down menu and click Add Server.
e. Click Apply.
4. Navigate to the Configuration > Management > Administration page.
a. Under Management Authentication Servers, select a management role (for example, root) for the
Default Role.
b. Select (check) Mode.
c. For Server Group, select the server group that you just configured.
d. Click Apply.
In the CLI
aaa authentication-server radius rad1
host <ipaddr>
enable
aaa server-group corp_rad
auth-server rad1
aaa authentication mgmt
default-role root
enable
server-group corp_rad
Configuring RADIUS Server Authentication with VSA
In this scenario, an external RADIUS server authenticates management users and returns to the switch the
Alcatel-Lucent vendor-specific attribute (VSA) called Alcatel-Lucent-Admin-Role that contains the name of the
management role for the user. The authenticated user is placed into the management role specified by the
VSA.
The switch configuration is identical to the Configuring RADIUS Server Username and Password Authentication
on page 837. The only difference is the configuration of the VSA on the RADIUS server. Ensure that the value
of the VSA returned by the RADIUS server is one of the predefined management roles. Otherwise, the user will
have no access to the switch.
AOS-W 6.5.3.x | User Guide Management Access | 837

Table of Contents