Section contents, Realms and groups, Overview – Avaya 580 User Manual

User Guide for the Avaya P580 and P882 Multiservice Switches, v6.1

Chapter 4

This interoperability issue occurs because the Microsoft RADIUS
server includes a class attribute in Access-Accept messages that
the P580 and P882 RADIUS client does not support. With
service pack 3, you can disable generation of a class attribute.
For more information on this issue, see
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q297317.

Section Contents

This section contains the following topics:

Realms and Groups

Login Order of Operations

Avaya VSAs

RADIUS Server Files

Configuring a RADIUS Client

Realms and Groups

Overview

Realms and groups provide two separate functions. A realm provides a way
of organizing user accounts on the RADIUS server. Groups provide a way
of organizing the NADs that a user can log in to, and of delivering the
vendor-specific parameters that you configure.

For example, you might use a realm called AvayaRealm to organize all user
accounts that can log in to Avaya switches in a campus environment. In this
campus, you organize network administrators into two teams, one team for
the north campus and one for the south campus. Each team needs read-write
access to switches in their half of the campus and read-only access to
switches in the other half of the campus.

You would then assign all of the north switches to a group named
NorthSwitches and the south switches to a group named SouthSwitches.

For each user, you would create two user accounts in the AvayaRealm: one
with a group name of NorthSwitches and one with SouthSwitches. Each
account would have the appropriate permissions for the two switch types.

When a user from the north team logs in to a switch in the north campus, the
switch sends an Access-Request message with @AvayaRealm appended to
the user name and a group name of NorthSwitches. The RADIUS server
will send an Access-Accept message indicating that the user has read-write
permission.