Configuring ssr access security, Configuring radius – Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Chapter 20: Security Configuration Guide

276

SmartSwitch Router User Reference Manual

Configuring SSR Access Security

This section describes the following methods of controlling access to the SSR:

•

RADIUS

•

TACACS

•

TACACS Plus

•

Passwords

Configuring RADIUS

You can secure login or Enable mode access to the SSR by enabling a Remote
Authentication Dial-In Service (RADIUS) client. A RADIUS server responds to the SSR
RADIUS client to provide authentication.

You can configure up to five RADIUS server targets on the SSR. A timeout is set to tell the
SSR how long to wait for a response from RADIUS servers.

To configure RADIUS security, enter the following commands in Configure mode:

Specify a RADIUS server.

radius set server

Set the RADIUS time to wait for a
RADIUS server reply.

radius set timeout

Determine the SSR action if no
server responds.

radius set last-resort password|succeed

Enable RADIUS.

radius enable

Cause RADIUS authentication at
user login or when user tries to
access Enable mode.

radius authentication login|enable

Logs specified types of command
to RADIUS server.

radius accounting command level <

level

>

Logs to RADIUS server when
shell is stopped or started on SSR.

radius accounting shell start|stop|all

Logs to RADIUS server SNMP
changes to startup or active
configuration.

radius accounting snmp active|startup

Logs specified type(s) of
messages to RADIUS server.

radius accounting system
fatal|error|warning|info