Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


53-1001944-01

Viewing and configuring switch WLANs


Configuring Brocade specific RADIUS Server user privilege values
The following recommended RADIUS Server user privilege settings specify access privilege levels
for those accessing the switch-managed network. To define user privilege values, assign the
following attributes in the external RADIUS Server:

1. Set the attribute number to 1 and its type as "integer."

2. Define the following possible decimal values for user access permissions:

a. Set the Monitor Role value to 1 (read-only access to the switch).

b. Set the Helpdesk Role value to 2 (helpdesk/support access to the switch).

c. Set the Nwadmin Role value to 4 (wired and wireless access to the switch).

d. Set the Sysadmin Role value to 8 (system administrator access).

e. Set the WebAdmin Role value to 16 (guest user application access).

f. Set the Superuser Role value to 32768 (grants full read/write access to the switch).

3. Specify multiple privileges (for a single user) by specifying different attributes as needed. The
privilege values can be ORed and specified once. For example, if a user needs monitor
(read-only) and helpdesk access, configure the RADIUS Server with two attributes: once with a
value of 1 for monitor access and then with a value of 2 for the helpdesk role.

Multiple roles can also be defined by configuring the RADIUS Server with attribute 1 and value
3 (monitor value 1 ORed with helpdesk value 2).

NOTE

If user privilege attributes are not defined for the RADIUS Server, users will be authenticated with a
default privilege role of 1 (Monitor read-only access).

Configuring the user login sources
The following recommended RADIUS Server user login sources specify the location
(ssh/telnet/console/Web) from which users are allowed switch access. If login access permissions
are not defined (restricted), users will be allowed to log in from each interface. To define login
source access locations:

1. Set the attribute number to 100 and its type as "integer."

2. Define the following possible decimal values for login sources:

a. Set the Console Access value to 128 (user is allowed login privileges only from console).

b. Set the Telnet Access value to 64 (user is allowed login privileges only from a Telnet session).

c. Set the SSH Access value to 32 (user is allowed login privileges only from ssh session).

d. Set the Web Access value to 16 (user is allowed login privileges only from Web/applet).

3. Specify multiple access sources by using different values. The privilege values can be ORed
and specified once. For example, if a user needs access from both the console and Web,
configure the RADIUS Server with the 100 attribute twice, once with value 128 for console and
next with value 16 for Web access.
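
For reviewing RADIUS user entries, the sketch below decodes the two bitmask attributes described above (attribute 1 for privileges, attribute 100 for login sources) into role and source names and reports any bits this guide does not define. It is an added example, not code from the Brocade guide; the function names and the sample values are constructed, and the handling of absent attributes follows the NOTE and the login source paragraph above.

```python
# Added example: decode the user privilege and login source bitmasks
# using only the values listed in this section of the guide.
ROLES = {1: "Monitor", 2: "Helpdesk", 4: "Nwadmin", 8: "Sysadmin",
         16: "WebAdmin", 32768: "Superuser"}
SOURCES = {128: "Console", 64: "Telnet", 32: "SSH", 16: "Web"}


def decode(values, table):
    """OR together every instance of one attribute and name the set bits.

    Returns (names, unknown): names ordered by bit value, and an integer
    holding any bits the table does not define (0 when there are none).
    """
    mask = 0
    for v in values:
        if not isinstance(v, int) or v < 0:
            raise ValueError(f"value must be a non-negative integer: {v!r}")
        mask |= v  # attribute sent several times == values ORed once
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    unknown = mask & ~sum(table)  # bits are distinct, so sum == OR of all
    return names, unknown


def effective_access(privilege_values=(), source_values=()):
    """Resolve what a user entry grants, including the documented defaults."""
    roles, bad_roles = decode(privilege_values, ROLES)
    sources, bad_sources = decode(source_values, SOURCES)
    if not privilege_values:
        roles = ["Monitor"]  # no privilege attribute: default role 1
    if not source_values:
        # no login source attribute: login allowed from each interface
        sources = [name for _, name in sorted(SOURCES.items())]
    return {"roles": roles, "sources": sources,
            "unknown_bits": {"privilege": bad_roles, "source": bad_sources}}


if __name__ == "__main__":
    # Constructed sample entries: (user, attribute 1 values, attribute 100 values)
    samples = [("alice", [1, 2], [32]), ("bob", [32768], []), ("carol", [], [128, 16])]
    for user, priv, src in samples:
        print(user, effective_access(priv, src))
```

An entry that defines a high privilege value but no login source attribute (the constructed `bob` above) resolves to every interface, Telnet included, which makes such entries worth flagging in a review.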
