Brocade Communications Systems Brocade ICX 6650 User Manual
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
RADIUS security
TABLE 8 Brocade vendor-specific attributes for RADIUS

Attribute name: foundry-privilege-level
Attribute ID: 1
Data type: integer
Description: Specifies the privilege level for the user. This attribute can be set to one of the following:
• 0 - Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
• 4 - Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters.
• 5 - Read Only level – Allows access to the Privileged EXEC mode and User EXEC mode of the CLI but only with read access.

Attribute name: foundry-command-string
Attribute ID: 2
Data type: string
Description: Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured.
The commands are delimited by semi-colons (;). You can specify an asterisk (*) as a wildcard at the end of a command string.
For example, the following command list specifies all show and debug ip commands, as well as the write terminal command:
show *; debug ip *; write term*

Attribute name: foundry-command-exception-flag
Attribute ID: 3
Data type: integer
Description: Specifies whether the commands indicated by the foundry-command-string attribute are permitted or denied to the user. This attribute can be set to one of the following:
• 0 - Permit execution of the commands indicated by foundry-command-string, deny all other commands.
• 1 - Deny execution of the commands indicated by foundry-command-string, permit all other commands.

Attribute name: foundry-access-list
Attribute ID: 5
Data type: string
Description: Specifies the access control list to be used for RADIUS authorization. Enter the access control list in the following format.
type=string, value="ipacl.[e|s].[in|out] = [<acl-name>|<acl-number>] <separator> macfilter.in = [<acl-name>|<acl-number>]
Where:
• separator can be a space, newline, semicolon, comma, or null character
• ipacl.e is an extended ACL; ipacl.s is a standard ACL.

Attribute name: foundry-MAC-authent-needs-802x
Attribute ID: 6
Data type: integer
Description: Specifies whether or not 802.1x authentication is required and enabled.
0 - Disabled
1 - Enabled
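
The following is an added example, not part of the Brocade guide and not Brocade code. It models how foundry-command-string and foundry-command-exception-flag combine, so a RADIUS profile can be checked before it is deployed. The function names and the matching model (prefix match for a string ending in *, exact match otherwise, case-sensitive) are assumptions; the device's own matching may differ.

```python
# Added example, not Brocade code. Assumed matching model: a pattern ending in
# '*' is a prefix match, any other pattern must equal the whole command.
PERMIT_LISTED, DENY_LISTED = 0, 1  # foundry-command-exception-flag values


def parse_command_string(value):
    """Split a foundry-command-string on ';' and collapse extra whitespace."""
    items = (" ".join(item.split()) for item in value.split(";"))
    return [item for item in items if item]


def matches(pattern, command):
    """Check one command against one pattern under the assumed model."""
    command = " ".join(command.split())
    if pattern.endswith("*"):
        return command.startswith(pattern[:-1])
    return command == pattern


def is_permitted(command, command_string, exception_flag):
    """Apply the permit/deny rule of foundry-command-exception-flag."""
    if exception_flag not in (PERMIT_LISTED, DENY_LISTED):
        raise ValueError("foundry-command-exception-flag must be 0 or 1")
    listed = any(matches(p, command) for p in parse_command_string(command_string))
    return listed if exception_flag == PERMIT_LISTED else not listed


def audit_profile(command_string, exception_flag):
    """Return findings for profiles that are broader than intended or malformed."""
    patterns = parse_command_string(command_string)
    findings = []
    if exception_flag == DENY_LISTED and not patterns:
        findings.append("flag 1 with an empty list: every command is permitted")
    if exception_flag == PERMIT_LISTED and "*" in patterns:
        findings.append("flag 0 with a bare '*': every command is permitted")
    for p in patterns:
        if "*" in p[:-1]:
            findings.append(f"{p!r}: '*' is documented only at the end of a string")
    return findings


if __name__ == "__main__":
    profile = "show *; debug ip *; write term*"  # command list from the table
    for cmd in ("show running-config", "write terminal", "configure terminal"):
        print(cmd, "->", is_permitted(cmd, profile, PERMIT_LISTED))
    print(audit_profile("", DENY_LISTED))
```

With flag 1, a missing or empty command list denies nothing, which is why audit_profile reports that case.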