Blade ICE G8124 Manuale Utente
BLADEOS 6.5.2 Application Guide
68
Chapter 4: Authentication & Authorization Protocols
BMD00220, October 2010
Switch User Accounts
The user accounts listed in
can be defined in the RADIUS server dictionary file.
RADIUS Attributes for BLADEOS User Privileges
When the user logs in, the switch authenticates his/her level of access by sending the RADIUS
access request, that is, the client authentication request, to the RADIUS authentication server.
access request, that is, the client authentication request, to the RADIUS authentication server.
If the remote user is successfully authenticated by the authentication server, the switch will verify
the privileges of the remote user and authorize the appropriate access. The administrator has an
option to allow secure backdoor access via Telnet/SSH/BBI. Secure backdoor provides switch
access when the RADIUS servers cannot be reached. You always can access the switch via the
console port, by using
the privileges of the remote user and authorize the appropriate access. The administrator has an
option to allow secure backdoor access via Telnet/SSH/BBI. Secure backdoor provides switch
access when the RADIUS servers cannot be reached. You always can access the switch via the
console port, by using
noradius
and the administrator password, whether secure backdoor is
enabled or not.
Note –
To obtain the RADIUS backdoor password for your G8124, contact Technical Support.
All user privileges, other than those assigned to the Administrator, have to be defined in the
RADIUS dictionary. RADIUS attribute 6 which is built into all RADIUS servers defines the
administrator. The file name of the dictionary is RADIUS vendor-dependent. The following
RADIUS attributes are defined for G8124 user privileges levels:
RADIUS dictionary. RADIUS attribute 6 which is built into all RADIUS servers defines the
administrator. The file name of the dictionary is RADIUS vendor-dependent. The following
RADIUS attributes are defined for G8124 user privileges levels:
Table 3
User Access Levels
User Account
Description and Tasks Performed
Password
User
The User has no direct responsibility for switch management.
He/she can view all switch status information and statistics
but cannot make any configuration changes to the switch.
He/she can view all switch status information and statistics
but cannot make any configuration changes to the switch.
user
Operator
The Operator manages all functions of the switch. The
Operator can reset ports, except the management port.
Operator can reset ports, except the management port.
oper
Administrator
The super-user Administrator has complete access to all
commands, information, and configuration commands on the
switch, including the ability to change both the user and
administrator passwords.
commands, information, and configuration commands on the
switch, including the ability to change both the user and
administrator passwords.
admin
Table 4
BLADEOS-proprietary Attributes for RADIUS
User Name/Access
User-Service-Type
Value
User
Vendor-supplied
255
Operator
Vendor-supplied
252
Admin
Vendor-supplied
6