White Papers
• The administrator changes the idle-time of the line on which the user has logged in.
• The idle-time is lower than the RADIUS-returned idle-time.
ACL Conguration Information
The RADIUS server can specify an ACL. If an ACL is congured on the RADIUS server, and if that ACL is present, the user may be allowed
access based on that ACL.
If the ACL is absent, authorization fails, and a message is logged indicating this.
RADIUS can specify an ACL for the user if both of the following are true:
• If an ACL is absent.
• If there is a very long delay for an entry, or a denied entry because of an ACL, and a message is logged.
NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported.
Authorization is denied in cases using Extended ACLs.
Auto-Command
You can congure the system through the RADIUS server to automatically execute a command when you connect to a specic line.
The auto-command command is executed when the user is authenticated and before the prompt appears to the user.
• Automatically execute a command.
auto-command
Privilege Levels
Through the RADIUS server, you can congure a privilege level for the user to enter into when they connect to a session.
This value is congured on the client system.
• Set a privilege level.
privilege level
Conguration Task List for RADIUS
To authenticate users using RADIUS, you must specify at least one RADIUS server so that the system can communicate with and congure
RADIUS as one of your authentication methods.
The following list includes the conguration tasks for RADIUS.
• Dening a AAA Method List to be Used for RADIUS (mandatory)
• Applying the Method List to Terminal Lines (mandatory except when using default lists)
• Specifying a RADIUS Server Host (mandatory)
• Setting Global Communication Parameters for all RADIUS Server Hosts (optional)
• Monitoring RADIUS (optional)
For a complete listing of supported RADIUS commands, refer to the Security chapter in the Dell Networking OS Command Reference
Guide.
NOTE
: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of
authentication. However, if you have congured RADIUS authorization and have not congured authentication, a message is
logged stating this. During authorization, the next method in the list (if present) is used, or if another method is not present, an
error is reported.
896 Security