Dell FCX624-E Laptop User Manual


  Open as PDF
of 1494
 
1186 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring RADIUS security
32
You must add these three Dell vendor-specific attributes to your RADIUS server configuration, and
configure the attributes in the individual or group profiles of the users that will access the Dell
PowerConnect device.
Dell Vendor-ID is 1991, with Vendor-Type 1. The following table describes the Dell vendor-specific
attributes.
TABLE 204 Dell vendor-specific attributes for RADIUS
Attribute name Attribute ID Data type Description
foundry-privilege-level 1 integer Specifies the privilege level for the user. This
attribute can be set to one of the following:
0 - Super User level – Allows complete
read-and-write access to the system. This is
generally for system administrators and is
the only management privilege level that
allows you to configure passwords.
4 - Port Configuration level – Allows
read-and-write access for specific ports but
not for global (system-wide) parameters.
5 - Read Only level – Allows access to the
Privileged EXEC mode and User EXEC mode
of the CLI but only with read access.
foundry-command-string 2 string Specifies a list of CLI commands that are
permitted or denied to the user when RADIUS
authorization is configured.
The commands are delimited by semi-colons (;).
You can specify an asterisk (*) as a wildcard at
the end of a command string.
For example, the following command list
specifies all show and debug ip commands, as
well as the write terminal command:
show *; debug ip *; write term*
foundry-command-exception-fl
ag
3 integer Specifies whether the commands indicated by
the foundry-command-string attribute are
permitted or denied to the user. This attribute can
be set to one of the following:
0 - Permit execution of the commands
indicated by foundry-command-string, deny
all other commands.
1 - Deny execution of the commands
indicated by foundry-command-string,
permit all other commands.
foundry-INM-privilege 4 integer Specifies the IronView Network Manager user
privilege level. This attribute can take a value
range from 0 to 15.
In IronView Network Manager, this attribute value
will be mapped to the preconfigured roles “AAA
privilege level 0” through “AAA privilege level 15”.
The admin user has to configure these roles with
the appropriate sets of privileges in order for the
AAA user to get the correct set of feature access.