Brocade Communications Systems 6650 Switch User Manual


 
46 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
RADIUS security
TABLE 8 Brocade vendor-specific attributes for RADIUS

Attribute name: foundry-privilege-level
Attribute ID: 1
Data type: integer
Description: Specifies the privilege level for the user. This attribute can be set to one of the following:
    0 - Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
    4 - Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters.
    5 - Read Only level – Allows access to the Privileged EXEC mode and User EXEC mode of the CLI but only with read access.

Attribute name: foundry-command-string
Attribute ID: 2
Data type: string
Description: Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured.
    The commands are delimited by semi-colons (;). You can specify an asterisk (*) as a wildcard at the end of a command string.
    For example, the following command list specifies all show and debug ip commands, as well as the write terminal command:
    show *; debug ip *; write term*

Attribute name: foundry-command-exception-flag
Attribute ID: 3
Data type: integer
Description: Specifies whether the commands indicated by the foundry-command-string attribute are permitted or denied to the user. This attribute can be set to one of the following:
    0 - Permit execution of the commands indicated by foundry-command-string, deny all other commands.
    1 - Deny execution of the commands indicated by foundry-command-string, permit all other commands.

Attribute name: foundry-access-list
Attribute ID: 5
Data type: string
Description: Specifies the access control list to be used for RADIUS authorization. Enter the access control list in the following format.
    type=string, value="ipacl.[e|s].[in|out] = [<acl-name>|<acl-number>] <separator> macfilter.in = [<acl-name>|<acl-number>]
    Where:
    separator can be a space, newline, semicolon, comma, or null character
    ipacl.e is an extended ACL; ipacl.s is a standard ACL.

Attribute name: foundry-MAC-authent-needs-802x
Attribute ID: 6
Data type: integer
Description: Specifies whether or not 802.1x authentication is required and enabled.
    0 - Disabled
    1 - Enabled
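
The command-authorization semantics in the table (foundry-command-string combined with foundry-command-exception-flag), shown as an added Python example for auditing a RADIUS user profile before it is deployed; it is not Brocade code. The matching rules (prefix match for entries ending in *, exact match otherwise, whitespace collapsed) and all function names are assumptions, because the table does not specify how the switch compares commands.

```python
# Added example, not Brocade code. Matching rules are an assumption drawn from
# the table text: entries split on ';', '*' valid only as a trailing wildcard.
PRIVILEGE_LEVELS = {0: "Super User", 4: "Port Configuration", 5: "Read Only"}

def parse_command_string(value):
    """Split a foundry-command-string value into (prefix, is_wildcard) pairs."""
    patterns = []
    for entry in value.split(";"):
        entry = " ".join(entry.split())  # collapse runs of whitespace
        if not entry:
            continue
        wildcard = entry.endswith("*")
        body = entry[:-1] if wildcard else entry
        if "*" in body:
            raise ValueError(f"'*' is only valid at the end: {entry!r}")
        patterns.append((body, wildcard))
    return patterns

def is_listed(command, patterns):
    command = " ".join(command.split())
    return any(command.startswith(body) if wildcard else command == body
               for body, wildcard in patterns)

def is_permitted(command, command_string, exception_flag):
    """Flag 0: listed commands permitted, others denied. Flag 1: the reverse."""
    if exception_flag not in (0, 1):
        raise ValueError("foundry-command-exception-flag must be 0 or 1")
    listed = is_listed(command, parse_command_string(command_string))
    return listed if exception_flag == 0 else not listed

def audit_profile(profile, probes):
    """Return {command: permitted} for a profile dict keyed by attribute name."""
    if profile["foundry-privilege-level"] not in PRIVILEGE_LEVELS:
        raise ValueError("foundry-privilege-level must be 0, 4 or 5")
    return {cmd: is_permitted(cmd, profile["foundry-command-string"],
                              profile["foundry-command-exception-flag"])
            for cmd in probes}

# Constructed sample profile; the command list is the one quoted in the table.
SAMPLE = {"foundry-privilege-level": 5,
          "foundry-command-string": "show *; debug ip *; write term*",
          "foundry-command-exception-flag": 0}
PROBES = ["show running-config", "debug ip ospf", "write terminal",
          "write memory", "configure terminal"]

if __name__ == "__main__":
    for cmd, ok in audit_profile(SAMPLE, PROBES).items():
        print("PERMIT" if ok else "DENY  ", cmd)
```

Under these assumptions, a profile with flag 1 and an empty or mistyped foundry-command-string permits every probed command, so deny-list profiles are the ones most worth running through the audit.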