Brocade Communications Systems Brocade ICX 6650 6650 User Manual
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
RADIUS security
TABLE 8 Brocade vendor-specific attributes for RADIUS

Attribute name: foundry-privilege-level
Attribute ID: 1
Data type: integer
Description: Specifies the privilege level for the user. This attribute can be set to one of the following:
• 0 - Super User level – Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
• 4 - Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide) parameters.
• 5 - Read Only level – Allows access to the Privileged EXEC mode and User EXEC mode of the CLI but only with read access.

Attribute name: foundry-command-string
Attribute ID: 2
Data type: string
Description: Specifies a list of CLI commands that are permitted or denied to the user when RADIUS authorization is configured.
The commands are delimited by semi-colons (;). You can specify an asterisk (*) as a wildcard at the end of a command string.
For example, the following command list specifies all show and debug ip commands, as well as the write terminal command:
show *; debug ip *; write term*

Attribute name: foundry-command-exception-flag
Attribute ID: 3
Data type: integer
Description: Specifies whether the commands indicated by the foundry-command-string attribute are permitted or denied to the user. This attribute can be set to one of the following:
• 0 - Permit execution of the commands indicated by foundry-command-string, deny all other commands.
• 1 - Deny execution of the commands indicated by foundry-command-string, permit all other commands.

Attribute name: foundry-access-list
Attribute ID: 5
Data type: string
Description: Specifies the access control list to be used for RADIUS authorization. Enter the access control list in the following format.
type=string, value="ipacl.[e|s].[in|out] =
[
macfilter.in = [
Where:
• separator can be a space, newline, semicolon, comma, or null character
• ipacl.e is an extended ACL; ipacl.s is a standard ACL.

Attribute name: foundry-MAC-authent-needs-802x
Attribute ID: 6
Data type: integer
Description: Specifies whether or not 802.1x authentication is required and enabled.
0 - Disabled
1 - Enabled
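
The interaction of foundry-command-string and foundry-command-exception-flag described in the table, as an added Python example for reviewing a RADIUS profile before it is deployed (not code from the Brocade guide). The function names, the probe commands and the matching details (a trailing asterisk is treated as a prefix match, anything else as an exact, case-sensitive match) are assumptions; the table only states that the asterisk is a wildcard at the end of a command string.

```python
# Added example: models the documented semantics of foundry-command-string
# and foundry-command-exception-flag. Matching details are assumptions.

def parse_command_string(value):
    """Split a foundry-command-string value on semicolons into patterns."""
    return [p.strip() for p in value.split(";") if p.strip()]


def matches(pattern, command):
    """Trailing '*' is a wildcard (prefix match); otherwise exact match.

    Assumption: whitespace is normalized and comparison is case-sensitive.
    """
    command = " ".join(command.split())
    pattern = " ".join(pattern.split())
    if pattern.endswith("*"):
        return command.startswith(pattern[:-1])
    return command == pattern


def is_permitted(command, command_string, exception_flag):
    """Apply foundry-command-exception-flag (0 = permit list, 1 = deny list)."""
    if exception_flag not in (0, 1):
        raise ValueError("foundry-command-exception-flag must be 0 or 1")
    listed = any(matches(p, command) for p in parse_command_string(command_string))
    return listed if exception_flag == 0 else not listed


def audit(profile, probes):
    """Return the probe commands that a profile would permit."""
    return [c for c in probes
            if is_permitted(c, profile["command_string"], profile["exception_flag"])]


# Constructed sample profile using the command list from the table.
PROFILE = {"command_string": "show *; debug ip *; write term*", "exception_flag": 0}
# Constructed probe commands a reviewer expects to be permitted or denied.
PROBES = ["show running-config", "debug ip ospf", "write terminal",
          "write memory", "configure terminal", "debug all"]

if __name__ == "__main__":
    print("flag 0 permits:", audit(PROFILE, PROBES))
    print("flag 1 permits:", audit({**PROFILE, "exception_flag": 1}, PROBES))
```

With the flag set to 1, the same command string leaves every unlisted command permitted, including configuration commands, so the flag value should be reviewed together with the list.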