1 radius support on nortel switches – Panasonic 5500 User Manual


1. Overview: RADIUS User Authentication using Identity Engines

This document provides the framework for implementing user Authentication, Authorization, and
Accounting for Nortel switches.

1.1 RADIUS Support on Nortel Switches

| Switch | RADIUS authentication | 802.1x (EAP) RADIUS authentication | RADIUS accounting | 802.1x (EAP) RADIUS accounting | RADIUS accounting for CLI commands | RADIUS user access profile | RADIUS SNMP accounting |
|---|---|---|---|---|---|---|---|
| ERS 8600 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| ERS 8300 | Yes | Yes | Yes | Yes | Yes | Yes | No |
| ERS 1600 | Yes | Yes | Yes | Yes | Yes | Yes | No |
| ES 460/470 | Yes | Yes | No | No | No | No | No |
| ERS 2500 | Yes | Yes | No | Yes | No | No | No |
| ERS 4500 | Yes | Yes | No | Yes | No | No | No |
| ERS 5500 | Yes | Yes | No | Yes | No | No | No |
| ERS 5600 | Yes | Yes | No | Yes | No | No | No |

1.2 User Authentication using ERS1600, ERS8300, or ERS8600

The ERS1600, ERS8300, and ERS8600 each support six different user access levels. The
access level is determined by the RADIUS attribute value sent back to the switch. The switch
uses RADIUS Vendor-Specific Attributes (IETF Attribute 26) to support its own extended
attributes. The access level is carried in vendor identifier 1584 (Bay Networks), attribute
type 192, whose value is a number from 0 to 6. The following chart displays the RADIUS
attribute values and the corresponding access levels.

| Access Level | VSA Attribute 26 – Vendor Identifier 1584, Type 192 value |
|---|---|
| None-Access | 0 |
| Read-Only-Access | 1 |
| Layer 1-Read-Write-Access | 2 |
| Layer 2-Read-Write-Access | 3 |
| Layer 3-Read-Write-Access | 4 |
| Read-Write-Access | 5 |
| Read-Write-All-Access | 6 |
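
As an added example (not part of the Nortel manual), the following Python decodes the access-level VSA described above from the attribute bytes of a RADIUS reply, which is useful for verifying that a server policy returns the intended level. It assumes the RFC 2865 vendor-specific layout and a 4-byte big-endian integer value; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # IETF attribute 26
BAY_NETWORKS = 1584    # vendor identifier given on the page
ACCESS_TYPE = 192      # vendor attribute type given on the page
LEVELS = ["None-Access", "Read-Only-Access", "Layer 1-Read-Write-Access",
          "Layer 2-Read-Write-Access", "Layer 3-Read-Write-Access",
          "Read-Write-Access", "Read-Write-All-Access"]  # index = value 0..6

def build_vsa(level):
    """Encode the access level as a VSA (assumed 4-byte big-endian integer)."""
    if not 0 <= level < len(LEVELS):
        raise ValueError("access level must be 0..6")
    sub = struct.pack("!BBI", ACCESS_TYPE, 6, level)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BAY_NETWORKS) + sub

def tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value attributes."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def access_level(attrs):
    """Return (value, name) for vendor 1584 type 192, or None if absent."""
    for atype, body in tlvs(attrs):
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != BAY_NETWORKS:
            continue  # another vendor's VSA: skip without parsing its payload
        for vtype, value in tlvs(body[4:]):
            if vtype != ACCESS_TYPE:
                continue
            if len(value) != 4:
                raise ValueError("expected a 4-byte integer value")
            level = struct.unpack("!I", value)[0]
            if level >= len(LEVELS):
                raise ValueError("access level %d outside 0..6" % level)
            return level, LEVELS[level]
    return None

# Constructed sample: a Reply-Message attribute (type 18) followed by the VSA.
SAMPLE = bytes([18, 4]) + b"ok" + build_vsa(1)

if __name__ == "__main__":
    print(access_level(SAMPLE))
```

A reply that carries no such attribute returns None, and a value outside the chart raises an error instead of being mapped to a level.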

In addition, on the ERS8600 only, if vendor identifier 1584 attribute type 194 is set to a value
of 0, you can enter a list of CLI commands not allowed for a user. The CLI command is entered
using the RADIUS string value configured via RADIUS vendor identifier 1584 attribute type 195.
