Dell 9.7(0.0) Plumbing Product User Manual


  Open as PDF
of 1039
 
ACL Configuration Information
The RADIUS server can specify an ACL. If an ACL is configured on the RADIUS server, and if that ACL is
present, the user may be allowed access based on that ACL.
If the ACL is absent, authorization fails, and a message is logged indicating this.
RADIUS can specify an ACL for the user if both of the following are true:
If an ACL is absent.
If there is a very long delay for an entry, or a denied entry because of an ACL, and a message is
logged.
NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and
TACACS) are supported. Authorization is denied in cases using Extended ACLs.
Auto-Command
You can configure the system through the RADIUS server to automatically execute a command when
you connect to a specific line.
The auto-command command is executed when the user is authenticated and before the prompt
appears to the user.
Automatically execute a command.
auto-command
Privilege Levels
Through the RADIUS server, you can configure a privilege level for the user to enter into when they
connect to a session.
This value is configured on the client system.
Set a privilege level.
privilege level
Configuration Task List for RADIUS
To authenticate users using RADIUS, you must specify at least one RADIUS server so that the system can
communicate with and configure RADIUS as one of your authentication methods.
The following list includes the configuration tasks for RADIUS.
Defining a AAA Method List to be Used for RADIUS (mandatory)
Applying the Method List to Terminal Lines (mandatory except when using default lists)
Specifying a RADIUS Server Host (mandatory)
Setting Global Communication Parameters for all RADIUS Server Hosts (optional)
Monitoring RADIUS (optional)
For a complete listing of supported RADIUS commands, refer to the Security chapter in the Dell
Networking OS Command Reference Guide.
NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization
cannot be used independent of authentication. However, if you have configured RADIUS
authorization and have not configured authentication, a message is logged stating this. During
authorization, the next method in the list (if present) is used, or if another method is not present, an
error is reported.
Security
801