Realms & groups, Realms – Avaya P580 User Manual


Avaya P550R, P580, P880, and P882 Multiservice Switch User Guide, Version 5.3.1


Initialize and Setup

RADIUS configuration, you will not be able to create user accounts
that are Read-Write.

Realms & Groups

Realms and Groups provide two separate functions. A Realm
provides a way of organizing user accounts on the RADIUS server.
Groups provide a way of organizing the NADs a user can log into, as
well as delivering vendor-specific configurable parameters.

For example: You might use a Realm called AvayaRealm to organize
all of the user accounts that can log into Avaya switches in a campus
environment. In this campus, there are two teams of network
administrators, one team for the North campus and one for the
South campus. Each team needs Read-Write access to the switches
in their half of the campus and Read-Only access to the switches in
the other half of the campus.

You would then configure all of the North switches with a Group
name of NorthSwitches, and all of the South switches with a Group
name of SouthSwitches.

For each user, you would create two user accounts in the
AvayaRealm, one with a Group name of NorthSwitches and one
with SouthSwitches. Each account would have the appropriate
permissions for the two switch types.

When a user from the North team logs into a switch in the North
campus, the switch will send an Access Request message with
@AvayaRealm appended to the user name and a Group name of
NorthSwitches. The RADIUS server will send an Access Accept
message indicating Read-Write permission.

Similarly, when the same user logs in to a switch on the South
campus, the message will append @AvayaRealm and a Group name
of SouthSwitches. The RADIUS server will send an Access Accept
message indicating Read-Only permission.
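The exchange described above, modelled as an added Python example (not Avaya's code and not part of the manual). The realm and group names are the manual's; the user alice, the dictionary-shaped messages, the Access Reject reply for unmatched requests, and the omission of password checking are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed accounts on the RADIUS server: (realm, user, group) -> permission.
# "alice" is a made-up North-team administrator with one account per Group,
# as the manual's campus example prescribes.
ACCOUNTS = {
    ("AvayaRealm", "alice", "NorthSwitches"): "Read-Write",
    ("AvayaRealm", "alice", "SouthSwitches"): "Read-Only",
}

@dataclass(frozen=True)
class Nad:
    """A switch (NAD) with the Realm and Group configured on it."""
    name: str
    realm: str
    group: str

    def access_request(self, login_name: str) -> dict:
        # The switch appends "@" and its Realm to the name the user typed.
        return {"user_name": f"{login_name}@{self.realm}", "group": self.group}

def radius_server(request: dict, accounts=ACCOUNTS) -> dict:
    """Answer an Access Request; reject anything without a matching account."""
    user, sep, realm = request["user_name"].rpartition("@")
    if not sep or not user or not realm:
        return {"code": "Access Reject", "reason": "no realm in user name"}
    permission = accounts.get((realm, user, request["group"]))
    if permission is None:
        return {"code": "Access Reject", "reason": "no account for realm/group"}
    return {"code": "Access Accept", "permission": permission}

def login(nad: Nad, login_name: str) -> dict:
    """Full round trip: the switch builds the request, the server answers it."""
    return radius_server(nad.access_request(login_name))

if __name__ == "__main__":
    north = Nad("north-sw1", "AvayaRealm", "NorthSwitches")
    south = Nad("south-sw1", "AvayaRealm", "SouthSwitches")
    for nad in (north, south):
        print(nad.name, nad.access_request("alice"), "->", login(nad, "alice"))
```

Because the permission is keyed on the Group as well as the user, a switch configured with the wrong Group name gives every administrator the other team's access level on that switch.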

Realms

A Realm provides a mechanism by which a RADIUS manager can
organize user accounts. Consult the RADIUS vendor’s
documentation on how to create Realms on the server. Once the
Realms are created, user accounts are placed in them. The Realm
name is also configured on the NADs; when a NAD sends an Access
Request message, it appends an “@” and the Realm name to the
user name.

For example: User Bob in the AvayaRealm would log into the switch
with Bob. The Avaya switch would send the Access Request
