Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x

931

932

933

934

935

936

937

938

939

940

904 PowerConnect B-Series TI24X Configuration Guide

53-1002269-02

Configuring RADIUS security

You enable RADIUS command authorization by specifying a privilege level whose commands

require authorization. For example, to configure the device to perform authorization for the

commands available at the Super User privilege level (that is; all commands on the device), enter

the following command.

PowerConnect(config)# aaa authorization commands 0 default radius

Syntax: aaa authorization commands <privilege-level> default radius | tacacs+ | none

The <privilege-level> parameter can be one of the following:

• 0 – Authorization is performed (that is, the device looks at the command list) for commands

available at the Super User level (all commands)

• 4 – Authorization is performed for commands available at the Port Configuration level

(port-config and read-only commands)

• 5 – Authorization is performed for commands available at the Read Only level (read-only

commands)

NOTE

RADIUS command authorization can be performed only for commands entered from Telnet or SSH

sessions, or from the console. No authorization is performed for commands entered at the Brocade

Network Advisor.

NOTE

Since RADIUS command authorization relies on the command list supplied by the RADIUS server

during authentication, you cannot perform RADIUS authorization without RADIUS authentication.

Command authorization and accounting for console commands

The device supports command authorization and command accounting for CLI commands entered

at the console. To configure the device to perform command authorization and command

accounting for console commands, enter the following.

PowerConnect(config)# enable aaa console

Syntax: enable aaa console

CAUTION

If you have previously configured the device to perform command authorization using a RADIUS

server, entering the enable aaa console command may prevent the execution of any subsequent

commands entered on the console.

This happens because RADIUS command authorization requires a list of allowable commands

from the RADIUS server. This list is obtained during RADIUS authentication. For console sessions,

RADIUS authentication is performed only if you have configured Enable authentication and

specified RADIUS as the authentication method (for example, with the aaa authentication enable

default radius command). If RADIUS authentication is never performed, the list of allowable

commands is never obtained from the RADIUS server. Consequently, there would be no allowable

commands on the console.