Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x

921

922

923

924

925

926

927

928

929

930

894 PowerConnect B-Series TI24X Configuration Guide

53-1002269-02

Configuring RADIUS security

3. If the command belongs to a privilege level that requires authorization, the device looks at the

list of commands delivered to it in the RADIUS Access-Accept packet when the user was

authenticated. (Along with the command list, an attribute was sent that specifies whether the

user is permitted or denied usage of the commands in the list.)

NOTE

After RADIUS authentication takes place, the command list resides on the device. The RADIUS

server is not consulted again once the user has been authenticated. This means that any

changes made to the user command list on the RADIUS server are not reflected until the next

time the user is authenticated by the RADIUS server, and the new command list is sent to the

device.

4. If the command list indicates that the user is authorized to use the command, the command is

executed.

RADIUS accounting

RADIUS accounting works as follows.

1. One of the following events occur on the device:

• A user logs into the management interface using Telnet or SSH

• A user enters a command for which accounting has been configured

• A system event occurs, such as a reboot or reloading of the configuration file

2. The device checks its configuration to see if the event is one for which RADIUS accounting is

required.

3. If the event requires RADIUS accounting, the device sends a RADIUS Accounting Start packet

to the RADIUS accounting server, containing information about the event.

4. The RADIUS accounting server acknowledges the Accounting Start packet.

5. The RADIUS accounting server records information about the event.

6. When the event is concluded, the device sends an Accounting Stop packet to the RADIUS

accounting server.

7. The RADIUS accounting server acknowledges the Accounting Stop packet.

AAA operations for RADIUS

The following table lists the sequence of authentication, authorization, and accounting operations

that take place when a user gains access to a device that has RADIUS security configured.

TABLE 140

User action Applicable AAA operations

User attempts to gain access to the

Privileged EXEC and CONFIG levels

of the CLI

Enable authentication:

aaa authentication enable default <method-list>

System accounting start:

aaa accounting system default start-stop <method-list>