RADIUS
Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol.
This protocol transmits authentication, authorization, and configuration information between a central
RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to
the RADIUS server and requests authentication of the user and password. The RADIUS server returns one
of the following responses:
•
Access-Accept
— the RADIUS server authenticates the user.
•
Access-Reject
— the RADIUS server does not authenticate the user.
If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enabling
the
debug radius
command.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent
in plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client.
For more information about RADIUS, refer to RFC 2865,
Remote Authentication Dial-in User Service
.
RADIUS Authentication
Dell Networking OS supports RADIUS for user authentication (text password) at login and can be
specified as one of the login authentication methods in the
aaa authentication login
command.
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of
30
minutes
is used.
RADIUS specifies idle-time allow for a user during a session before timeout. When a user logs in, the
lower of the two idle-time values (configured or default) is used. The idle-time value is updated if both of
the following happens:
• The administrator changes the idle-time of the line on which the user has logged in.
• The idle-time is lower than the RADIUS-returned idle-time.
ACL Configuration Information
The RADIUS server can specify an ACL. If an ACL is configured on the RADIUS server, and if that ACL is
present, the user may be allowed access based on that ACL.
If the ACL is absent, authorization fails, and a message is logged indicating this.
RADIUS can specify an ACL for the user if both of the following are true:
• If an ACL is absent.
• If there is a very long delay for an entry, or a denied entry because of an ACL, and a message is
logged.
NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and
TACACS) are supported. Authorization is denied in cases using Extended ACLs.
Security
725
Summary of Contents for Z9000
Page 1: ...Dell Configuration Guide for the Z9000 System 9 7 0 0 ...
Page 80: ...grub reboot 80 Management ...
Page 128: ... 0 Te 1 1 Te 1 2 rx Flow N A N A 128 Access Control Lists ACLs ...
Page 491: ...Figure 70 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 491 ...
Page 496: ...Figure 73 MSDP Default Peer Scenario 1 496 Multicast Source Discovery Protocol MSDP ...
Page 497: ...Figure 74 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 497 ...
Page 498: ...Figure 75 MSDP Default Peer Scenario 3 498 Multicast Source Discovery Protocol MSDP ...
Page 760: ...Figure 100 Single and Double Tag TPID Match 760 Service Provider Bridging ...
Page 761: ...Figure 101 Single and Double Tag First byte TPID Match Service Provider Bridging 761 ...