Per-command authentication using radius, Configuring radius client – Extreme Networks 200 Series User Manual

Page 67


Authenticating Users

Summit 200 Series Switch Installation and User Guide

65

Per-Command Authentication Using RADIUS

The RADIUS implementation can be used to perform per-command authentication. Per-command
authentication allows you to define several levels of user capabilities by controlling the permitted
command sets based on the RADIUS username and password. You do not need to configure any
additional switch parameters to take advantage of this capability. The RADIUS server implementation
automatically negotiates the per-command authentication capability with the switch. For examples of
per-command RADIUS configurations, see “Configuring RADIUS Client” on page 65.

Configuring RADIUS Client

You can define primary and secondary server communication information, and for each RADIUS server,
the RADIUS port number to use when talking to the RADIUS server. The default port value is 1645. The
client IP address is the IP address used by the RADIUS server for communicating back to the switch.

RADIUS commands are described in Table 19.

Table 19: RADIUS Commands

Command:
  config radius [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>
Description:
  Configures the primary and secondary RADIUS server. Specify the following:
  - [primary | secondary]: Configure either the primary or secondary RADIUS server.
  - [<ipaddress> | <hostname>]: The IP address or hostname of the server being configured.
  - <udp_port>: The UDP port to use to contact the RADIUS server. The default UDP port setting is 1645.
  - client-ip <ipaddress>: The IP address used by the switch to identify itself when communicating with the RADIUS server.
  The RADIUS server defined by this command is used for user name authentication and CLI command authentication.

Command:
  config radius [primary | secondary] shared-secret {encrypted} <string>
Description:
  Configures the authentication string used to communicate with the RADIUS server.
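How the shared-secret string protects the exchange between switch and server, shown as an added Python example that follows RFC 2865 and is not code from the manual or from Extreme Networks. The secret, Request Authenticator, user name, and password are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2        # RFC 2865 attribute types
# Constructed sample values, not taken from the manual.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))        # a real client uses 16 random bytes


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR the zero-padded password with an MD5 keystream."""
    size = max(1, -(-len(password) // 16)) * 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    """Switch side: Access-Request carrying the CLI user's credentials."""
    attrs = attr(USER_NAME, user) + attr(
        USER_PASSWORD, hide_password(password, secret, REQUEST_AUTH))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + REQUEST_AUTH + attrs


def build_reply(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(head + REQUEST_AUTH + attrs + secret).digest()
    return head + digest + attrs


def reply_is_authentic(reply: bytes, ident: int, secret: bytes) -> bool:
    """Switch side: accept a reply only if it was computed with the same secret."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):
        return False
    expected = build_reply(code, rid, reply[20:], secret)
    return hmac.compare_digest(expected, reply)
```

Because both the password hiding and the reply check depend only on this string, a secret that differs between switch and server makes every reply fail verification, and a short or guessable secret weakens both protections at once.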
