Support User Manuals

Dell FCX624-I Laptop User Manual

Open as PDF

of 1494

PowerConnect B-Series FCX Configuration Guide 1185

53-1002266-01

Configuring RADIUS security

32

• You can map up to eight RADIUS servers to each port on the Dell PowerConnect device. The

port will authenticate users using only the RADIUS servers to which it is mapped. If there are

no RADIUS servers mapped to a port, it will use the “global” servers for authentication. In

earlier releases, all RADIUS servers are “global” servers and cannot be bound to individual

ports. Refer to “Mapping a RADIUS server to individual ports” on page 1190.

• You can select only one primary authentication method for each type of access to a device (CLI

through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS as

the primary authentication method for Telnet CLI access, but you cannot also select TACACS+

authentication as the primary method for the same type of access. However, you can configure

backup authentication methods for each access type.

RADIUS configuration procedure

Follow the procedure given below to configure a Dell PowerConnect device for RADIUS.

1. Configure Dell vendor-specific attributes on the RADIUS server. Refer to “Configuring

Dell-specific attributes on the RADIUS server” on page 1185.

2. Identify the RADIUS server to the Dell PowerConnect device. Refer to “Identifying the RADIUS

server to the Dell PowerConnect device” on page 1188.

3. Optionally specify different servers for individual AAA functions. Refer to “Specifying different

servers for individual AAA functions” on page 1188.

4. Optionally configure the RADIUS server as a “port only” server. Refer to “Configuring a RADIUS

server per port” on page 1189.

5. Optionally bind the RADIUS servers to ports on the Dell PowerConnect device. Refer to

“Mapping a RADIUS server to individual ports” on page 1190.

6. Set RADIUS parameters. Refer to “Setting RADIUS parameters” on page 1190.

7. Configure authentication-method lists. Refer to “Configuring authentication-method lists for

RADIUS” on page 1192.

8. Optionally configure RADIUS authorization. Refer to “Configuring RADIUS authorization” on

page 1194.

9. Optionally configure RADIUS accounting. “Configuring RADIUS accounting” on page 1195.

Configuring Dell-specific attributes on the

RADIUS server

NOTE

For all Dell PowerConnect devices, RADIUS Challenge is supported for 802.1x authentication but not

for login authentication.

During the RADIUS authentication process, if a user supplies a valid username and password, the

RADIUS server sends an Access-Accept packet to the Dell PowerConnect device, authenticating the

user. Within the Access-Accept packet are three Dell vendor-specific attributes that indicate:

• The privilege level of the user

• A list of commands

• Whether the user is allowed or denied usage of the commands in the list

previous next