Enterasys Networks 2200 User Manual

Overview of Security Methods

Accessing Local Management

3-11

On the Radius Server, each user is configured with the following:

- name
- password
- access level

The access level can be set to one of the following levels for each user name:

- super-user
- read-write
- read-only

Supporting multiple access levels for the same user name requires the server to return a different “FilterID”
attribute for each variant, using a server feature that distinguishes the same user name by
prefix or suffix. For example, “username@engineering” and “username@home” could each
return a different access level.
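As an added illustration (not from the manual), the realm-suffix lookup described above and the Filter-Id attribute it produces, encoded as RFC 2865 defines it (Type 11, Length, String). The realm-to-level policy table and the use of the plain access-level names as Filter-Id strings are assumptions for the example; the actual strings the switch expects are not given on this page.

```python
import struct

FILTER_ID_TYPE = 11  # Filter-Id attribute type number, RFC 2865 section 5.11

# Constructed policy table (assumption): realm suffix -> access level.
REALM_POLICY = {
    "engineering": "read-write",
    "home": "read-only",
}
DEFAULT_LEVEL = "read-only"  # unknown or missing realm falls back to least privilege


def access_level_for(user_name):
    """Pick the access level from the 'user@realm' suffix, as the text describes."""
    realm = user_name.rsplit("@", 1)[1] if "@" in user_name else ""
    return REALM_POLICY.get(realm, DEFAULT_LEVEL)


def filter_id_attribute(value):
    """Encode one Filter-Id attribute: 1 byte type, 1 byte total length, then the string."""
    data = value.encode("ascii")
    if not 1 <= len(data) <= 253:  # length octet is 8 bits and includes the 2-byte header
        raise ValueError("Filter-Id string must be 1..253 octets")
    return struct.pack("!BB", FILTER_ID_TYPE, 2 + len(data)) + data


def parse_attributes(blob):
    """Decode a run of RADIUS attributes, rejecting malformed lengths instead of trusting them."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[i], blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("attribute length out of range")
        attrs.append((atype, bytes(blob[i + 2:i + alen])))
        i += alen
    return attrs


if __name__ == "__main__":
    for user in ("username@engineering", "username@home", "username"):
        level = access_level_for(user)
        wire = filter_id_attribute(level)
        print(user, "->", level, wire.hex(), parse_attributes(wire))
```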

Only one password is allowed per access level. This enables the Radius Server to track the users
accessing the switch host and how long they used the host application.

All RADIUS values, except the server IPs and shared secrets, are assigned reasonable default values
when RADIUS is installed on a new switch. The defaults are as follows:

- Client: disabled
- Timeout: 20 seconds
- Retry: 3
- Primary and secondary Authentication ports: 1812 (per RFC 2865)
- Primary and secondary Accounting ports: 1813 (per RFC 2866)
- Last-resort for local and remote: challenge

If only one server is configured, it must be the primary server. It is not necessary to reboot after the
client is reconfigured.

NOTE: This is a server-dependent feature.