Configuration manual
enable or enable privilege-level
If you do not enter a privilege level, the system sets it to 15 by default.
• Move to a lower privilege level.
EXEC Privilege mode
disable level-number
– level-number: The level-number you wish to set.
If you enter disable without a level-number, your security level is 1.
RADIUS
Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol.
This protocol transmits authentication, authorization, and configuration information between a central
RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to
the RADIUS server and requests authentication of the user and password. The RADIUS server returns one
of the following responses:
• Access-Accept — the RADIUS server authenticates the user.
• Access-Reject — the RADIUS server does not authenticate the user.
If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enabling
the debug radius command.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent
in plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client.
For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
RADIUS Authentication and Authorization
The Dell Networking OS supports RADIUS for user authentication (text password) at login and can be
specified as one of the login authentication methods in the aaa authentication login command.
When configuring AAA authorization, you can configure to limit the attributes of services available to a
user. When you enable authorization, the network access server uses configuration information from the
user profile to issue the user's session. The user’s access is limited based on the configuration attributes.
RADIUS exec-authorization stores a user-shell profile and that is applied during user login. You may name
the relevant named-lists with either a unique name or the default name. When you enable authorization
by the RADIUS server, the server returns the following information to the client:
• Idle Time
• ACL Configuration Information
• Auto-Command
• Privilege Levels Overview
After gaining authorization for the first time, you may configure these attributes.
NOTE: RADIUS authentication/authorization is done for every login. There is no difference between
first-time login and subsequent logins.
758
Security