Installation & Operation Manual 386 Document # LTRT-92224
Mediant 8000
33.18.6.2.2 Working With RADIUS Server : User Login
When user logs into the Mediant 8000 CLI, Access-Request message containing
username and password is sent to the RADIUS servers. In response, one of the
following messages may be received:
Access-Accept – indicates that user is allowed to log in; if the response contains
Reply-Message attribute, it is displayed to the user.
Access-Reject – indicates that user is not allowed to log in; if the response
contains Reply-Message attribute, it's displayed to the user.
Access-Accept message may contain one of the following Vendor-Specific
Attributes (VSAs) that are used to determine the "privilege level" of the CLI user
(administrator/monitor):
• AudioCodes VSA
♦ Vendor ID: 5003
♦ Vendor Type: 35
♦ Values: 0 = no access, 1-99 = monitor level; 100-255 = administrator
level
• CISCO VSA
♦ Vendor ID: 9
♦ Vendor Type: 1
♦ Values: “shell:priv_lvl=x”, where x is: 0=monitor level, 1-
15=administrator level
33.18.6.2.3 Configuring the Media Gateway to Work With RADIUS Servers
This section describes how to configure the Media Gateway to Work With RADIUS
servers.
To configure Mediant 8000 to work with centralized RADIUS servers:
1. Connect to the Mediant 8000 CLI interface (on active SC board) and login as
root user.
2. Disable synchronization of local CLI user database with EMS server via tools
user sync disable command.
3. Delete all CLI users except root and ems from local user database on SC boards
via tools user del all command.
4. Click
to access the Media Gateway status screen.
5. In the Navigation pane, select Security and then in the configuration pane, select
Security Settings; the Security Settings screen is displayed.
6. In the Security Settings screen, select the CLI Authentication tab.
7. At the bottom of the screen, use the
or buttons to add or remove
RADIUS servers. Configure RADIUS server settings according to the "AAA
Server Settings" table above. After completing the configuration, unlock table
entries by right-clicking on the row and choosing Unlock.
8. Set External Authentication Server to RADIUS.
To Next Page
Loading...
