6-14
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
this default behavior for clients with Enable (manager) access. That is, with
privilege-mode enabled, the switch immediately allows Enable (Manager)
access to a client for whom the RADIUS server specifies this access level.
Syntax: [no] aaa authentication login privilege-mode
When enabled, the switch reads the Service-Type field in the
client authentication received from a RADIUS server. The
following table describes the applicable Service-Type values
and corresponding client access levels the switch allows upon
authentication by the server.
Service-Type Value Client Access Level
Administrative-
User
6 Manager
NAS-Prompt-
User
7 Operator
Any Other Type Any Value Except
6 or 7
Access Denied
This feature applies to console (serial port), Telnet, SSH, and
WebAgent access to the switch. It does not apply to 802.1X
port-access.
Notes: While this option is enabled, a Service-Type value
other than 6 or 7, or an unconfigured (null) Service-Type
causes the switch to deny access to the requesting client.
The no form of the command returns the switch to the default
RADIUS authentication operation. The default behavior for
most interfaces is that a client authorized by the RADIUS
server for Enable (Manager) access will be prompted twice,
once for Login (Operator) access and once for Enable access.
In the default RADIUS authentication operation, the
WebAgent requires only one successful authentication
request. For more information on configuring the Service
Type in your RADIUS application, refer to the documentation
provided with the application.
To Next Page
Loading...
