Reference Guide

794 | Security
www.dell.com | support.dell.com
Set access to privilege levels through RADIUS
Through the RADIUS server, you can use the privilege level command to configure the privilege level that
a user enters when they connect to a session. This value is configured on the client system.
Configuration Task List for RADIUS
To authenticate users using RADIUS, you must specify at least one RADIUS server that the system can
communicate with, and configure RADIUS as one of your authentication methods.
The following list includes the configuration tasks for RADIUS.
Define an AAA method list to be used for RADIUS (mandatory)
Apply the method list to terminal lines (mandatory except when using default lists)
Specify a RADIUS server host (mandatory)
Set global communication parameters for all RADIUS server hosts (optional)
Monitor RADIUS (optional)
For a complete listing of all FTOS commands related to RADIUS, refer to the Security chapter in the
FTOS Command Reference Guide.
To view the configuration, use the show config command in LINE mode or the show running-config
command in EXEC Privilege mode.
Define an AAA method list to be used for RADIUS
To configure RADIUS to authenticate or authorize users on the system, you must create an AAA method
list. Default method lists do not need to be explicitly applied to the line, so applying them is not
mandatory. To create a method list, enter one of the following commands in CONFIGURATION mode:
Note: RADIUS authentication and authorization are done in a single step. Hence, authorization
cannot be used independently of authentication. However, if RADIUS authorization is configured
and authentication is not, a message is logged stating this. During authorization, the next
method in the list (if present) is used; if no other method is present, an error is reported.
Command Syntax                       Command Mode    Purpose
aaa authentication login             CONFIGURATION   Enter a text string (up to 16 characters long) as the
method-list-name radius                              name of the method list you wish to use with the
                                                     RADIUS authentication method.

aaa authorization exec               CONFIGURATION   Create a method list with RADIUS and TACACS+ as
{method-list-name | default}                         authorization methods. Typical order of methods:
radius tacacs+                                       RADIUS, TACACS+, Local, None. If authorization is
                                                     denied by RADIUS, the session ends (radius should
                                                     not be the last method specified).
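
The following Python check is an added example and is not part of the Dell guide. It scans a candidate configuration for the three conditions described above: a login method list name longer than 16 characters, radius as the last authorization method, and RADIUS authorization with no RADIUS authentication. The function name, finding codes and sample configuration are constructed for illustration, and the authentication check is global rather than per terminal line, which is an assumption.

```python
import re

# Constructed candidate configuration (sample input, not taken from the guide).
SAMPLE_CONFIG = """\
aaa authentication login mgmt-radius radius local
aaa authentication login this-name-is-too-long radius
aaa authorization exec mgmt-radius radius
aaa authorization exec default radius tacacs+
aaa authorization exec ops-list tacacs+ radius local
"""

AAA_RE = re.compile(r"^aaa (authentication login|authorization exec) (\S+)\s+(.+)$")

def audit_aaa(config_text):
    """Return sorted (method_list_name, finding_code) tuples for the text."""
    authn, authz = {}, {}
    for raw in config_text.splitlines():
        m = AAA_RE.match(raw.strip())
        if m:
            table = authn if m.group(1) == "authentication login" else authz
            table[m.group(2)] = m.group(3).split()
    findings = []
    # Table row 1: a login method list name is at most 16 characters.
    for name in authn:
        if len(name) > 16:
            findings.append((name, "NAME_TOO_LONG"))
    # Assumption: a global check stands in for the per-line check, since
    # which lists are applied to which terminal line is not parsed here.
    radius_authn = any("radius" in methods for methods in authn.values())
    for name, methods in authz.items():
        if "radius" not in methods:
            continue
        # Table row 2: radius should not be the last method specified.
        if methods[-1] == "radius":
            findings.append((name, "RADIUS_LAST"))
        # Note: authorization cannot be used independently of authentication.
        if not radius_authn:
            findings.append((name, "AUTHZ_WITHOUT_AUTHN"))
    return sorted(findings)

if __name__ == "__main__":
    for name, code in audit_aaa(SAMPLE_CONFIG):
        print(f"{name}: {code}")
```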