486 | Security
www.dell.com | support.dell.com
RADIUS can specify an ACL for the user if both of the following are true:
• If an ACL is absent.
• There is a very long delay for an entry, or a denied entry because of an ACL, and a message is logged.
Auto-Command
You can configure the system through the RADIUS server to automatically execute a command when you
connect to a specific line. To do this, use the
auto-command command. The auto-command is executed
when the user is authenticated and before the prompt appears to the user.
Set Access to Privilege Levels through RADIUS
To configure a privilege level for the user to enter into when they connect to a session, through the
RADIUS server, use the
privilege level command. This value is configured on the client system.
Configuration Task List for RADIUS
To authenticate users using RADIUS, you must specify at least one RADIUS server so that the system can
communicate with and configure RADIUS as one of your authentication methods.
The following list includes the configuration tasks for RADIUS.
• Define an aaa Method List to be Used for RADIUS (mandatory)
• Apply the Method List to Terminal Lines (mandatory except when using default lists)
• Specify a RADIUS Server Host (mandatory)
• Set the Global Communication Parameters for all RADIUS Server Hosts (optional)
• Monitor RADIUS (optional)
For a complete listing of all FTOS commands related to RADIUS, refer to the Security chapter in the
FTOS Command Reference Guide.
To view the configuration, use the
show config command in LINE mode or the show running-config command
in EXEC Privilege mode.
Note: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS)
are supported. Authorization is denied in cases using extended ACLs.
Note: RADIUS authentication and authorization are done in a single step. Hence, authorization
cannot be used independent of authentication. However, if RADIUS authorization is configured
and authentication is not, a message is logged stating this. During authorization, the next method
in the list (if present) is used, or if another method is not present, an error is reported.
To Next Page
Loading...
