Users Guide

324 Authentication, Authorization, and Accounting
Configure the RADIUS server to send the Cisco AV Pair attribute with the
“roles” value. For example:
shell:roles=router-admin
This attribute gives the user access to the commands permitted by the
router-admin profile.
RADIUS Change of Authorization
Dell EMC Networking N-Series switches support the Change of
Authorization Disconnect-Request per RFC 3576. The Dell EMC
Networking N-Series switch listens for the Disconnect-Request on UDP port
3799. The Disconnect-Request identifies the user session to be terminated
using any or all of the following attributes:
User-Name (IETF attribute #1)
NAS-Port (IETF attribute #5)
Framed-IP-Address (IETF attribute #8)
Acct-Session-Id (IETF attribute #44)
Calling-Station-Id (IETF attribute #31, which contains the host MAC address)
For CLI-based sessions (Console, Telnet and SSH), the supported Session
Identification Attributes are User-Name and Framed-IP-Address.
The Calling-Station-Id must be a string of uppercase or lowercase hexadecimal
digits in one of the following formats:
Raw notation, for example, AbCD01234567 - length 12
Dotted quad notation, for example, BADC.1010.1234 - length 14
Colon separated hex digits, for example, AB:cd:01:23:45:67 - length 17
Dash separated hex digits, for example, 01-23-45-67-89-Ab - length 17
The RADIUS Disconnect message may also contain the Acct-Terminate-Cause
attribute (IETF #49).
The following messages from RFC 3576 are supported:
40 – Disconnect-Request
41 – Disconnect-ACK
42 – Disconnect-NAK
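The following is an added example, not code from this guide or from the switch firmware. It parses a Disconnect-Request, extracts the session identification attributes listed above, and normalizes the four Calling-Station-Id notations. The Request Authenticator check follows RFC 3576 and is not described in this section; the function names, shared secret and sample packet are constructed for illustration.

```python
import hashlib, hmac, ipaddress, re, struct

H = "[0-9A-Fa-f]"
# The four Calling-Station-Id notations the guide accepts (lengths 12, 14, 17, 17).
MAC_FORMATS = [H + "{12}", H + r"{4}(\." + H + "{4}){2}",
               H + "{2}(:" + H + "{2}){5}", H + "{2}(-" + H + "{2}){5}"]

def normalize_mac(value):
    """Return 12 lowercase hex digits; reject any notation not listed above."""
    if not any(re.fullmatch(p, value) for p in MAC_FORMATS):
        raise ValueError("unsupported Calling-Station-Id: %r" % value)
    return re.sub("[.:-]", "", value).lower()

# Session-identification attributes listed in the guide: type -> (name, decoder).
text = lambda v: v.decode("utf-8")
SESSION_ATTRS = {1: ("User-Name", text), 5: ("NAS-Port", lambda v: int.from_bytes(v, "big")),
                 8: ("Framed-IP-Address", lambda v: str(ipaddress.IPv4Address(v))),
                 31: ("Calling-Station-Id", lambda v: normalize_mac(v.decode("ascii"))),
                 44: ("Acct-Session-Id", text)}

def request_authenticator(header, attrs, secret):
    """MD5(Code+Identifier+Length + 16 zero octets + attributes + shared secret)."""
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_disconnect_request(ident, attrs, secret):  # code 40; makes constructed input
    header = struct.pack("!BBH", 40, ident, 20 + len(attrs))
    return header + request_authenticator(header, attrs, secret) + attrs

def parse_disconnect_request(packet, secret):
    """Verify a Disconnect-Request and return its session-identification attributes."""
    length = int.from_bytes(packet[2:4], "big")
    if packet[:1] != bytes([40]) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Disconnect-Request")
    attrs = packet[20:length]
    if not hmac.compare_digest(packet[4:20], request_authenticator(packet[:4], attrs, secret)):
        raise ValueError("Request Authenticator mismatch")
    found, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, value = attrs[pos], attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
        if atype in SESSION_ATTRS:
            found[SESSION_ATTRS[atype][0]] = SESSION_ATTRS[atype][1](value)
    return found

# Constructed sample: User-Name "alice" plus a colon-separated Calling-Station-Id.
SAMPLE_ATTRS = bytes([1, 7]) + b"alice" + bytes([31, 19]) + b"AB:cd:01:23:45:67"
SAMPLE = build_disconnect_request(7, SAMPLE_ATTRS, b"constructed-secret")
```

A request that fails the authenticator check or carries a Calling-Station-Id outside the four listed notations raises ValueError rather than matching a session.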