Chapter 18: Security Configuration Guide

Configuring SSR Access Security

This section describes the following methods of controlling access to the SSR:

RADIUS

TACACS

TACACS Plus

Passwords

Configuring RADIUS

You can secure login or Enable mode access to the SSR by enabling a Remote Authentication Dial-In Service (RADIUS) client. A RADIUS server responds to the SSR RADIUS client to provide authentication.

You can configure up to five RADIUS server targets on the SSR. A timeout is set to tell the SSR how long to wait for a response from RADIUS servers.

To configure RADIUS security, enter the following commands in Configure mode:

Specify a RADIUS server.

radius set server <hostname or IP-addr>

 

 

Set the RADIUS time to wait for a

radius set timeout <number>

RADIUS server reply.

 

 

 

Determine the SSR action if no

radius set last-resort passwordsucceed

server responds.

 

 

 

Enable RADIUS.

radius enable

 

 

Cause RADIUS authentication at

radius authentication loginenable

user login or when user tries to

 

access Enable mode.

 

 

 

Logs specified types of command

radius accounting command level <level>

to RADIUS server.

 

 

 

Logs to RADIUS server when

radius accounting shell startstopall

shell is stopped or started on SSR.

 

 

 

Logs to RADIUS server SNMP

radius accounting snmp activestartup

changes to startup or active

 

configuration.

 

 

 

Logs specified type(s) of

radius accounting system

messages to RADIUS server.

fatalerrorwarninginfo

 

 

272

SmartSwitch Router User Reference Manual

Page 272
Image 272
Cabletron Systems SmartSwitch manual Configuring SSR Access Security, Configuring Radius