User Guide for Enterasys Networks 2E253

Overview of Security Methods
Accessing Local Management
3.4.1 Host Access Control Authentication (HACA)
To use HACA, the embedded Radius Client on the switch must be configured to communicate with 
the Radius Server, and the Radius Server must be configured with the password information. The 
software used for this application centralizes the Authentication, Authorization, and 
Accounting (AAA) of the network resources. For a description of the protocol, refer to 
RFC 2865 (Radius Authentication) and RFC 2866 (Radius Accounting).
Each switch has its own Radius Client. The client can be configured via the Radius Configuration 
screen described in 
The IP address of the Radius Server and shared secret text string must be configured on the 
Radius Client. The client uses the Password Authentication Protocol (PAP) to communicate the 
user name and encrypted password to the Radius Server.
On the Radius Server, each user is configured with the following:
name 
password 
access level 
The access level can be set to one of the following levels for each user name:
super-user
read-write
read-only
Supporting multiple access levels per user name involves sending back a different “FilterID” 
attribute, using a server feature that differentiates between instances of the same user name 
with different prefixes/suffixes. For example, “username@engineering” and “username@home” 
could each return different access levels.
NOTE: This is a server-dependent feature.
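
The PAP exchange described above, as an added Python example that is not part of the original manual: it implements the User-Password hiding of RFC 2865 section 5.2 on both the client and the server side, and reads a Filter-Id attribute out of a reply. The shared secret, authenticator, password and Filter-Id value are constructed placeholders; the manual does not give the Filter-Id value format the switch expects.

```python
import hashlib
import struct

USER_NAME, USER_PASSWORD, FILTER_ID = 1, 2, 11  # RFC 2865 attribute types

def _keystream_block(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side, RFC 2865 section 5.2: pad to 16-byte blocks, XOR with MD5 output."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("need a 1-128 byte password and a 16-byte authenticator")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream_block(secret, prev)))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: rebuild the same blocks from its own copy of the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream_block(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def encode_attrs(attrs) -> bytes:
    """Type, length, value; the length byte counts the two header bytes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data: bytes):
    """Split an attribute area into (type, value) pairs, rejecting bad lengths."""
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2 or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return attrs

# Constructed sample values, not taken from the manual.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))  # a real client uses 16 unpredictable bytes
HIDDEN = hide_password(b"constructed-passphrase", SECRET, AUTHENTICATOR)
REQUEST = encode_attrs([(USER_NAME, b"username@engineering"), (USER_PASSWORD, HIDDEN)])
REPLY = encode_attrs([(FILTER_ID, b"constructed-filter-id")])  # placeholder value
```

The password is protected only by an MD5 keystream derived from the shared secret, so the secret configured on the Radius Client and the Radius Server has to match exactly and should be long and hard to guess.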