Dell POWEREDGE M1000E User Manual

Page 234

Advertising
background image

8-30

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 8 Configuring Switch-Based Authentication

Controlling Switch Access with RADIUS

For example, this AV pair activates Cisco’s multiple named ip address pools feature during IP
authorization (during PPP IPCP address assignment):

cisco-avpair= ”ip:addr-pool=first“

This example shows how to provide a user logging in from a switch with immediate access to privileged
EXEC commands:

cisco-avpair= ”shell:priv-lvl=15“

This example shows how to specify an authorized VLAN in the RADIUS server database:

cisco-avpair= ”tunnel-type(#64)=VLAN(13)”

cisco-avpair= ”tunnel-medium-type(#65)=802 media(6)”

cisco-avpair= ”tunnel-private-group-ID(#81)=vlanid”

This example shows how to apply an input ACL in ASCII format to an interface for the duration of this
connection:

cisco-avpair= “ip:inacl#1=deny ip 10.10.10.10 0.0.255.255 20.20.20.20 255.255.0.0”

cisco-avpair= “ip:inacl#2=deny ip 10.10.10.10 0.0.255.255 any”

cisco-avpair= “mac:inacl#3=deny any any decnet-iv”

This example shows how to apply an output ACL in ASCII format to an interface for the duration of this
connection:

cisco-avpair= “ip:outacl#2=deny ip 10.10.10.10 0.0.255.255 any”

Other vendors have their own unique vendor-IDs, options, and associated VSAs. For more information
about vendor-IDs and VSAs, see RFC 2138, “Remote Authentication Dial-In User Service (RADIUS).”

Beginning in privileged EXEC mode, follow these steps to configure the switch to recognize and use
VSAs:

For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the
“RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide, Release 12.2.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

radius-server vsa send [accounting |
authentication]

Enable the switch to recognize and use VSAs as defined by RADIUS IETF
attribute 26.

(Optional) Use the accounting keyword to limit the set of recognized
vendor-specific attributes to only accounting attributes.

(Optional) Use the authentication keyword to limit the set of
recognized vendor-specific attributes to only authentication attributes.

If you enter this command without keywords, both accounting and
authentication vendor-specific attributes are used.

Step 3

end

Return to privileged EXEC mode.

Step 4

show running-config

Verify your settings.

Step 5

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Advertising
Popular Brands
Popular manuals