Enterasys Networks 6H2xx User Manual

Overview of Security Methods

Accessing Local Management

3-17

The access level can be set to one of the following levels for each user name:

•

super-user

•

read-write

•

read-only

To support multiple access levels per user name, it involves sending back a different “FilterID”
attribute using some server feature to differentiate between the same user name with different
prefixes/suffixes. For example, “username@engineering” and “username@home” could each
return different access levels.

A Radius user/password combination is assigned one access level unless server-specific features
such as prefixes or suffixes are used to assign different access levels.

All radius values, except the server IPs and shared secrets, are assigned reasonable default values
when radius is installed on a new switch module. The defaults are as follows:

•

Client, disabled

•

Timeout, 20 seconds

•

Retries, 3

•

Primary and secondary Authentication ports: 1812 (per RFC 2865)

•

Primary and secondary Accounting ports: 1813 (per RFC 2866)

•

Last-resort for local and remote is CHALLENGE

If only one server is configured, it must be the primary server. It is not necessary to reboot after the
client is reconfigured.

The client cannot be enabled unless the primary server is configured with at least the minimum
configuration information.

NOTE: This is a server-dependent feature.

NOTE: The minimum additional information that must be configured to use a server is
its IP and Shared Secret.