Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide

53-1002601-01

RADIUS security

TABLE 8   Brocade vendor-specific attributes for RADIUS

Attribute name: foundry-privilege-level
Attribute ID: 1
Data type: integer
Description: Specifies the privilege level for the user. This attribute can be set to one of the following:
  0 - Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
  4 - Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters.
  5 - Read Only level – Allows access to the Privileged EXEC mode and User EXEC mode of the CLI but only with read access.

Attribute name: foundry-command-string
Attribute ID: 2
Data type: string
Description: Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured.
  The commands are delimited by semi-colons (;). You can specify an asterisk (*) as a wildcard at the end of a command string.
  For example, the following command list specifies all show and debug ip commands, as well as the write terminal command:
  show *; debug ip *; write term*

Attribute name: foundry-command-exception-flag
Attribute ID: 3
Data type: integer
Description: Specifies whether the commands indicated by the foundry-command-string attribute are permitted or denied to the user. This attribute can be set to one of the following:
  0 - Permit execution of the commands indicated by foundry-command-string, deny all other commands.
  1 - Deny execution of the commands indicated by foundry-command-string, permit all other commands.

Attribute name: foundry-access-list
Attribute ID: 5
Data type: string
Description: Specifies the access control list to be used for RADIUS authorization. Enter the access control list in the following format.
  type=string, value="ipacl.[e|s].[in|out] = [<acl-name>|<acl-number>] <separator> macfilter.in = [<acl-name>|<acl-number>]
  Where:
  separator can be a space, newline, semicolon, comma, or null character
  ipacl.e is an extended ACL; ipacl.s is a standard ACL.

Attribute name: foundry-MAC-authent-needs-802x
Attribute ID: 6
Data type: integer
Description: Specifies whether or not 802.1x authentication is required and enabled.
  0 - Disabled
  1 - Enabled
