Netgear XCM8810 - 8800 SERIES 10-SLOT CHASSIS SWITCH User's Manual
Chapter 17. Security
NETGEAR 8800 User Manual
Configuring the Dictionary File
Before you can use NETGEAR VSAs on a RADIUS server, you must define the VSAs. On
the FreeRADIUS server, you define the VSAs in the dictionary file in the /etc/raddb
directory. You must define the vendor ID for NETGEAR, each of the VSAs you plan to use,
and the values to send for the VSAs. The following example shows the entries to add to a
FreeRADIUS server dictionary file for NETGEAR VSAs:
VENDOR Netgear 1916
ATTRIBUTE Netgear-CLI-Authorization 201 integer Netgear
ATTRIBUTE Netgear-Shell-Command 202 string Netgear
ATTRIBUTE Netgear-Netlogin-Vlan 203 string Netgear
ATTRIBUTE Netgear-Netlogin-Url 204 string Netgear
ATTRIBUTE Netgear-Netlogin-Url-Desc 205 string Netgear
ATTRIBUTE Netgear-Netlogin-Only 206 integer Netgear
ATTRIBUTE Netgear-Netlogin-Vlan-Tag 209 integer Netgear
ATTRIBUTE Netgear-Netlogin-Extended-Vlan 211 string Netgear
ATTRIBUTE Netgear-Security-Profile 212 string Netgear
VALUE Netgear-CLI-Authorization Disabled 0
VALUE Netgear-CLI-Authorization Enabled 1
VALUE Netgear-Netlogin-Only Disabled 0
VALUE Netgear-Netlogin-Only Enabled 1
# End of Dictionary
The lines that begin with VALUE provide the integers that the RADIUS server sends to the
switch when the corresponding text is configured in the RADIUS users file. For example, if
the Netgear-CLI-Authorization attribute is set to Enabled for a particular user, the RADIUS
server sends the value 1 to the switch (which reduces total bytes transferred). The XCM8800
software is designed to interpret the integer values as shown above, so be sure to use these
values.
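As an added illustration (not part of the NETGEAR manual), the Python sketch below parses a subset of the dictionary entries above and encodes an attribute in the RFC 2865 Vendor-Specific (type 26) layout, showing that Enabled resolves to the integer 1 on the wire and that a symbolic name with no VALUE line is rejected. The function names parse_dictionary and encode_vsa are hypothetical, and the parser handles only the three line types shown in the manual's example.

```python
import struct

# Dictionary entries copied from the manual's example (subset used here).
DICTIONARY = """\
VENDOR Netgear 1916
ATTRIBUTE Netgear-CLI-Authorization 201 integer Netgear
ATTRIBUTE Netgear-Shell-Command 202 string Netgear
ATTRIBUTE Netgear-Netlogin-Vlan 203 string Netgear
ATTRIBUTE Netgear-Netlogin-Only 206 integer Netgear
VALUE Netgear-CLI-Authorization Disabled 0
VALUE Netgear-CLI-Authorization Enabled 1
VALUE Netgear-Netlogin-Only Disabled 0
VALUE Netgear-Netlogin-Only Enabled 1
# End of Dictionary
"""

def parse_dictionary(text):
    """Return (vendors, attributes, values) parsed from dictionary lines."""
    vendors, attrs, values = {}, {}, {}
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not f:
            continue
        if f[0] == "VENDOR":
            vendors[f[1]] = int(f[2])
        elif f[0] == "ATTRIBUTE":
            attrs[f[1]] = (int(f[2]), f[3], f[4])  # (code, type, vendor)
        elif f[0] == "VALUE":
            values[(f[1], f[2])] = int(f[3])
    return vendors, attrs, values

def encode_vsa(dictionary, name, value):
    """Encode one attribute as an RFC 2865 Vendor-Specific (type 26) AVP."""
    vendors, attrs, values = parse_dictionary(dictionary)
    code, kind, vendor = attrs[name]  # KeyError: attribute not defined
    if kind == "integer":
        # A symbolic name must have a VALUE line; otherwise fail loudly.
        num = value if isinstance(value, int) else values[(name, value)]
        data = struct.pack("!I", num)
    else:
        data = value.encode("ascii")
    sub = struct.pack("!BB", code, len(data) + 2) + data
    return struct.pack("!BBI", 26, len(sub) + 6, vendors[vendor]) + sub

if __name__ == "__main__":
    print(encode_vsa(DICTIONARY, "Netgear-CLI-Authorization", "Enabled").hex())
```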
Configuring Command Authorization (RADIUS Profiles)
Command authorization is enabled in the users file on a FreeRADIUS server, and configured
in the profiles file. Additional configuration is required in the dictionary file and the clients file.
Other RADIUS servers might use different file names or a different syntax for configuration,
but the basic components for configuring command authorization are the same. The following
sections describe the tasks for configuring command authorization: