Authenticating Users
Summit 300-48 Switch Software User Guide 45
Authenticating Users
ExtremeWare provides a Radius client to authenticate switch admin users who login to the switch:
RADIUS Client
Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and
centrally administrating access to network nodes. The ExtremeWare RADIUS client implementation
allows authentication for Telnet or console access to the switch.
You can define a primary and secondary RADIUS server for the switch to contact. When a user
attempts to login using Telnet, http, or the console, the request is relayed to the primary RADIUS server,
and then to the secondary RADIUS server, if the primary does not respond. If the RADIUS client is
enabled, but access to the RADIUS primary an secondary server fails, the switch uses its local database
for authentication.
The privileges assigned to the user (admin versus nonadmin) at the RADIUS server take precedence
over the configuration in the local switch database.
Configuring RADIUS Client
You can define primary and secondary server communication information, and for each RADIUS server,
the RADIUS port number to use when talking to the RADIUS server. The default port value is 1645. The
client IP address is the IP address used by the RADIUS server for communicating back to the switch.
RADIUS commands are described in Table 11.
Table 11: RADIUS Commands
Command Description
enable radius Enables RADIUS globally for wired and wireless access.
disable radius Disables RADIUS globally for wired and wireless access.
enable radius network-access Enables RADIUS for wireless access only.
disable radius network-access Disables RADIUS for wireless access only.
enable radius switch-access Enables RADIUS for switch access only. In order to obtain wireless
access as well, the enable radius network-access command
must be used.
disable radius switch-access Disables RADIUS for switch access only.
To Next Page
Loading...
