Alteon Application Switch Operating System Application Guide
Securing Alteon
66 Document ID: RDWR-ALOS-V2900_AG1302
Backdoor Access
When both the primary and secondary authentication servers are not reachable, the administrator
has the option to allow backdoor access on a per user basis. This access is disabled by default and
must be activated for each individual user the administrator wishes to grant it to.
Note: If a user cannot establish a connection to the RADIUS server, failover to the local backdoor
users are not permitted. This is done to avoid a DoS attack on RADIUS or Alteon allowing access.
Examples
A The following command enables backdoor access for user 9:
B The following command disables access for user 9:
Defining User Privileges in the RADIUS Dictionary
All user privileges, other than those assigned to the administrator, have to be defined in the RADIUS
dictionary. RADIUS attribute 6, which is built into all RADIUS servers, defines the administrator. The
filename of the dictionary is RADIUS vendor-dependent.
The following RADIUS attributes are defined for Alteon user privileges levels:
>> Main# /cfg/sys/access/user/uid 9/backdoor e
>> Main# /cfg/sys/access/user/uid 9/backdoor d
Table 4: Alteon-Proprietary Attributes for RADIUS
Username/Access User Service Type Value
l1oper Vendor-supplied 259
l2oper Vendor-supplied 258
l3oper Vendor-supplied 257
l3admin Vendor-supplied 256
user Vendor-supplied 255
slboper Vendor-supplied 254
l4oper Vendor-supplied 253
oper Vendor-supplied 252
slbadmin Vendor-supplied 251
l4admin Vendor-supplied 250
crtadmin Vendor-supplied 249
slbadmin + crtmng Vendor-supplied 248
l4admin + crtmng Vendor-supplied 247
slbview Vendor-supplied 246
admin Vendor-supplied 6 (pre-defined)
To Next Page
Loading...
