Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 897
53-1002269-02
Configuring RADIUS security
26
Whether the user is allowed or denied usage of the commands in the list
You must add these three Dell vendor-specific attributes to your RADIUS server configuration, and
configure the attributes in the individual or group profiles of the users that will access the device.
Dell Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Dell vendor-specific
attributes.

Enabling SNMP to configure RADIUS

To enable SNMP access to RADIUS MIB objects on the device, enter a command such as the following.

PowerConnect(config)# enable snmp config-radius

Syntax: [no] enable snmp <config-radius | config-tacacs>

The <config-radius> parameter specifies the RADIUS configuration mode. RADIUS is disabled by default.

TABLE 141 Dell vendor-specific attributes for RADIUS

Attribute name: foundry-privilege-level
Attribute ID: 1
Data type: integer
Description: Specifies the privilege level for the user. This attribute can be set to one of the following:
    0 - Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
    4 - Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters.
    5 - Read Only level – Allows access to the Privileged EXEC mode and CONFIG mode of the CLI but only with read access.

Attribute name: foundry-command-string
Attribute ID: 2
Data type: string
Description: Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured. The commands are delimited by semi-colons (;). You can specify an asterisk (*) as a wildcard at the end of a command string. For example, the following command list specifies all show and debug ip commands, as well as the write terminal command:
    show *; debug ip *; write term*

Attribute name: foundry-command-exception-flag
Attribute ID: 3
Data type: integer
Description: Specifies whether the commands indicated by the foundry-command-string attribute are permitted or denied to the user. This attribute can be set to one of the following:
    0 - Permit execution of the commands indicated by foundry-command-string, deny all other commands.
    1 - Deny execution of the commands indicated by foundry-command-string, permit all other commands.
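
The attributes in Table 141 as they travel in an Access-Accept, shown as an added example that is not part of the original guide: the Python below encodes and decodes them as RFC 2865 Vendor-Specific attributes (type 26) and evaluates a command against the decoded profile. The function names, the sample profile, and the prefix-matching rule used for the trailing asterisk are assumptions of this example, not documented device behavior.

```python
import struct

DELL_VENDOR_ID = 1991  # Vendor-ID stated in the guide
NAMES = {1: "foundry-privilege-level", 2: "foundry-command-string",
         3: "foundry-command-exception-flag"}  # attribute IDs from Table 141

def encode_vsa(attr_id, value):
    """Build one RFC 2865 Vendor-Specific attribute (type 26)."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode("ascii")
    sub = bytes([attr_id, len(data) + 2]) + data
    return bytes([26, len(sub) + 6]) + struct.pack("!I", DELL_VENDOR_ID) + sub

def decode_profile(attrs):
    """Collect the Dell VSAs from the attribute bytes of an Access-Accept."""
    profile, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError(f"malformed attribute at offset {i}")
        typ, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if typ != 26 or len(body) < 6 or struct.unpack("!I", body[:4])[0] != DELL_VENDOR_ID:
            continue  # not a Dell vendor-specific attribute
        attr_id, sub_len = body[4], body[5]
        if sub_len < 2 or 4 + sub_len > len(body) or attr_id not in NAMES:
            raise ValueError(f"unexpected Dell sub-attribute {attr_id}")
        value = body[6:4 + sub_len]
        profile[NAMES[attr_id]] = value.decode("ascii") if attr_id == 2 else struct.unpack("!I", value)[0]
    return profile

def is_allowed(profile, command):
    """Model of the permit/deny rule; expects all three attributes in the profile."""
    cmd = " ".join(command.split())  # normalize whitespace (assumption)
    listed = False
    for pat in profile["foundry-command-string"].split(";"):
        pat = " ".join(pat.split())
        if pat.endswith("*"):  # trailing wildcard treated as a prefix match (assumption)
            listed = listed or cmd.startswith(pat[:-1])
        elif pat:
            listed = listed or cmd == pat
    deny_listed = profile["foundry-command-exception-flag"] == 1
    return listed != deny_listed  # flag 0: only listed allowed; flag 1: only listed denied

# Constructed sample: read-only operator limited to the command list from Table 141
SAMPLE = (encode_vsa(1, 5) + encode_vsa(2, "show *; debug ip *; write term*")
          + encode_vsa(3, 0))
PROFILE = decode_profile(SAMPLE)
```

With the flag changed from 0 to 1 and the same command list, the model permits every command outside the list, so a profile meant to restrict a user should be checked for a flag value of 0.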