DELL N3000 User Manual

Configuring Authentication, Authorization, and Accounting
RADIUS Authorization Example—Administrative Profiles
The switch should use the same configuration as in the previous 
authorization example.
The RADIUS server should be configured such that it will send the Cisco AV 
Pair attribute with the “roles” value. For example:
shell:roles=router-admin
The above example attribute gives the user access to the commands 
permitted by the router-admin profile.
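How the attribute above is carried in an Access-Accept, as an added example that is not taken from the Dell manual: on the wire the Cisco AV Pair is a Vendor-Specific attribute (type 26, RFC 2865) with vendor ID 9 and vendor sub-type 1. The function names and the sample attribute block are constructed for illustration, and the parser reads only the first sub-attribute of each Vendor-Specific attribute.

```python
import struct

CISCO_VENDOR_ID = 9     # IANA enterprise number for Cisco
VENDOR_SPECIFIC = 26    # RFC 2865 Vendor-Specific attribute type
CISCO_AVPAIR = 1        # Cisco sub-type that carries the AV pair string
PREFIX = "shell:roles="


def encode_avpair(value):
    """Build one Vendor-Specific attribute holding a Cisco AV Pair."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    if len(body) + 2 > 255:
        raise ValueError("AV pair too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body


def extract_roles(attributes):
    """Return every shell:roles value found in a RADIUS attribute block."""
    roles, pos = [], 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attributes[pos], attributes[pos + 1]
        if a_len < 2 or pos + a_len > len(attributes):
            raise ValueError("bad attribute length")
        value = attributes[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue  # not a vendor attribute, or too short to hold one
        vendor_id, sub_type, sub_len = struct.unpack("!IBB", value[:6])
        if vendor_id != CISCO_VENDOR_ID or sub_type != CISCO_AVPAIR:
            continue
        if sub_len < 2 or 4 + sub_len > len(value):
            raise ValueError("bad vendor sub-attribute length")
        text = value[6:4 + sub_len].decode("ascii", "replace")
        if text.startswith(PREFIX):
            roles.append(text[len(PREFIX):])
    return roles


# Constructed sample: Service-Type = Administrative, then the AV pair from the text.
SAMPLE = bytes([6, 6, 0, 0, 0, 6]) + encode_avpair("shell:roles=router-admin")

if __name__ == "__main__":
    print(extract_roles(SAMPLE))
```

Running the same parser over the attribute bytes of a captured Access-Accept shows which administrative profile the server actually grants to a user.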
Using RADIUS Servers to Control Management Access
The RADIUS client on the switch supports multiple RADIUS servers. When 
multiple authentication servers are configured, they can help provide 
redundancy. One server can be designated as the primary and the other(s) will 
function as backup server(s). The switch attempts to use the primary server 
first. If the primary server does not respond, the switch attempts to use the 
backup servers. A priority value can be configured to determine the order in 
which the backup servers are contacted.
How Does RADIUS Control Management Access?
Many networks use a RADIUS server to maintain a centralized user database 
that contains per-user authentication information. RADIUS servers provide a 
centralized authentication method for: 
• Telnet Access
• Web Access
• Console to Switch Access
• Access Control Port (802.1X)
Like TACACS+, RADIUS access control utilizes a database of user 
information on a remote server. Making use of a single database of accessible 
information—as in an Authentication Server—can greatly simplify the 
authentication and management of users in a large network. One such type of 
Authentication Server supports the Remote Authentication Dial In User 
Service (RADIUS) protocol as defined by RFC 2865.