Setup Guide
– level-number: The level-number you wish to set.
If you enter disable without a level-number, your security level is 1.
Resetting a Password
To reset a password on the switch, follow the procedure in Recovering from a Forgotten Password on the switch.
RADIUS
Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol.
This protocol transmits authentication, authorization, and conguration information between a central RADIUS server and a RADIUS client
(the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and
password. The RADIUS server returns one of the following responses:
• Access-Accept — the RADIUS server authenticates the user.
• Access-Reject — the RADIUS server does not authenticate the user.
If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enabling the debug radius command.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP
as the transport protocol between the RADIUS server host and the client.
For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
RADIUS Authentication and Authorization
The system supports RADIUS for user authentication (text password) at login and can be specied as one of the login authentication
methods in the aaa authentication login command.
When conguring AAA authorization, you can congure to limit the attributes of services available to a user. When you enable
authorization, the network access server uses conguration information from the user prole to issue the user's session. The user’s access
is limited based on the conguration attributes.
RADIUS exec-authorization stores a user-shell prole and that is applied during user login. You may name the relevant named-lists with
either a unique name or the default name. When you enable authorization by the RADIUS server, the server returns the following
information to the client:
• Idle Time
• ACL Conguration Information
• Auto-Command
• Privilege Levels
After gaining authorization for the rst time, you may congure these attributes.
NOTE
: RADIUS authentication/authorization is done for every login. There is no dierence between rst-time login and
subsequent logins.
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used.
RADIUS species idle-time allow for a user during a session before timeout. When a user logs in, the lower of the two idle-time values
(congured or default) is used. The idle-time value is updated if both of the following happens:
924
Security