Manuals / Dell / Computer Equipment / Computer Accessories

Dell 6200 SERIES Radius Configuration Examples, Example #1 Basic Radius Server Configuration, 118

Models: 6200 SERIES

1 176

Download 176 pages 5.47 Kb

Page 118

attributes containing configuration information. If the server rejects the user, it returns a negative result. If the server rejects the client or the shared “secrets” differ, the server returns no result. If the server requires additional verification from the user, it returns a challenge, and the request process begins again.

If you use a RADIUS server to authenticate users, you must configure user attributes in the user database on the RADIUS server. The user attributes include the user name, password, and privilege level.

NOTE: To set the privilege level, use the Service-Typeattribute. Do not us any vendor-specific attribute value pairs.

The following example shows an entry in the FreeRADIUS /etc/raddb/users file that allows a user (name: admin) to log onto the switch with read/write privileges, which is equivalent to privilege level 15.

admin	Auth-Type :=	Local,
	User-Password == "pass1234"
	Service-Type = NAS-Prompt-User
enable	Auth-Type := Local,
	User-Password == "pass5678"
	Service-Type = Administrative-User

The values for the Service-Type attribute are as follows:

•NAS-Prompt-Userindicates the user should be provided a command prompt on the NAS, from which nonprivileged commands can be executed.

•Administrative-Userindicates the user should be granted access to the administrative interface to the NAS, from which privileged commands can be executed.

RADIUS Configuration Examples

This section contains examples of commands used to configure RADIUS settings on the switch.

Example #1: Basic RADIUS Server Configuration

This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The shared secrets are configured to be secret1 and secret2 respectively. The server at

10.10.10.10is configured as the primary server. The process creates a new authentication list, called radiusList, which uses RADIUS as the primary authentication method, and local authentication as a backup method in the event that the RADIUS server cannot be contacted.

118

Device Security

Image 118

Dell 6200 SERIES manual Radius Configuration Examples, Example #1 Basic Radius Server Configuration, 118

Contents

Configuration Guide Model PC6224, PC6248, PC6224P, PC6248P, and PC6224F April Contents Web Interface Configuration LAGs/Port-channels 100 106 135 162 About this Document OrganizationAdditional Documentation System Configuration Traceroute CLI ExampleOverview Configuration ScriptingConsiderations Example #1 Viewing the Script Options Example #3 Applying a Script to the Active ConfigurationCLI Examples Example #2 Viewing and Deleting Existing ScriptsExample #4 Copying the Active Configuration into a Script TftpOutbound Telnet OverviewExample #1 Connecting to Another System by Using Telnet Simple Network Time Protocol SntpExample #2 Configuring the Sntp Server Example #1 Viewing Sntp OptionsExample #3 Viewing Sntp Information console#show sntp ? Interpreting Log Files SyslogExample #1 Viewing Logging Information Example #5 Configuring Syslog Server Example #2 Viewing the Logging FileExample #1 Enter a Description for a Port Port DescriptionExample #2 Show the Port Description Storm Control Example #2 Set Multicast Storm Control for an Interface Example #1 Set Broadcast Storm Control for an InterfaceExample #3 Set Unicast Storm Control for an Interface Cable Diagnostics Copper Port Cable TestExample #2 Show Copper Cable Length Fiber Port Cable Test Example #1 Show Optical Transceiver DiagnosticsExample #3 Show Last Time Domain Reflectometry Tests System Configuration Switching Configuration Virtual LANsVlan Configuration Example Vlan IDExample #1 Create Two VLANs Example #2 Assign Ports to VLAN2Example #3 Assign Ports to VLAN3 Example #4 Assign VLAN3 as the Default VlanExample #5 Assign IP Addresses to Vlan Web Interface Example #6 View Information About VlanExample #2 Associate an IP Address with a Vlan IP Subnet and MAC-Based VLANsExample #1 Associate an IP Subnet with a Vlan Example #3 Associate a MAC Address with a VlanPrivate Edge VLANs Example #4 Viewing IP Subnet and MAC-Based Vlan AssociationsExample #1 Configuring a Protected Port Example #2 Viewing Protected Port GroupUsing Voice Vlan Voice VlanExample#1 Configuring Voice Vlan Interaction with LLDP-MEDExample #2 Configuring Voice Vlan on an Unauthenticated Port Switch with Igmp Snooping Igmp SnoopingEnable Igmp snooping on the Vlan Igmp Example #1 Enable Igmp Snooping Querier on the Switch Igmp Snooping QuerierExample #2 Configure Igmp Snooping Querier Properties Example #4 Enable Igmp Snooping Querier on a VlanLink Aggregation/Port Channels Example #5 Show Igmp Snooping Querier Information for VlanShows the example network Example 2 Add the Physical Ports to the Port-Channels Example 1 Create Names for Two Port-ChannelsExample 3 Show the Port Channels Web Interface Configuration LAGs/Port-channels Port Mirroring Example #1 Set up a Port Mirroring SessionExample #2 Show the Port Mirroring Session Port Security OperationExample #1 Enable Port Security on an Interface Example #2 Show Port SecurityExample #1 Set Global Lldp Parameters Link Layer Discovery ProtocolExample #2 Set Interface Lldp Parameters Example #3 Show Global Lldp Parameters Example #4 Show Interface Lldp ParametersDenial of Service Attack Protection OverviewDescribes the dos-controlkeywords Example #1 Enabling all DOS ControlsExample #2 Viewing the DoS Configuration Information Dhcp SnoopingSwitching Configuration Bindin g Example #2 Enable Dhcp snooping on a Vlan Example #1 Enable Dhcp snooping for the switchExample #3 Enable Dhcp snoopings Source MAC verification Example #8 Configure rate limiting on an interface Example #7 Configure an interface as Dhcp snooping trustedExample #9 Configure a Dhcp snooping static binding entry Switching Configuration Switching Configuration Example #12 Show Dhcp Snooping database configurations Example #13 Show Dhcp Snooping binding entriesSwitching Configuration Example #15 Show Dhcp Snooping Per Port Statistics Switching Configuration SFlow SFlow Collector/AnalyzerSFlow Agents Packet Flow SamplingCLI Examples Counter SamplingExample #4 Show the sFlow configuration for receiver index Switching Configuration Switching Configuration Routing Configuration Vlan Routing Example 1 Create Two VLANsExample 2 Configure the Vlan Members Using the Web Interface to Configure Vlan Routing Example 4 Enable Routing for the SwitchVrrp Example Network Configuration Virtual Router Redundancy ProtocolConfiguring Vrrp on the Switch as a Master Router Configuring Vrrp on the Switch as a Backup RouterUsing the Web Interface to Configure Vrrp Example #1 Enabling Proxy ARP Proxy Address Resolution Protocol ARPExample #2 Viewing the Interface Information Ospf Concepts and Terms Areas and TopologyOspf Routers and LSAs Metrics and Route SelectionOspf Example Network Diagram Border Router Enable routing for the switch Example 2 Configuring Stub and Nssa Areas IPv4 OSPFv2Ospf Configuration-Stub Area and Nssa Area Define an Ospf router Routing Configuration Example 3 Configuring a Virtual Link Ospf Configuration-Virtual LinkRouting Configuration Routing Configuration RIP Configuration Routing Information ProtocolExample #1 Enable Routing for the Switch Example #2 Enable Routing for PortsExample #3. Enable RIP for the Switch Using the Web Interface to Configure RIPExample #4. Enable RIP for the Vlan Routing Interfaces Assigning Administrative Preferences to Routing Protocols Route PreferencesExample 1 Configure Administrative Preferences Using Equal Cost Multipath Forwarding Without EcmpExample 1 Configuring an Ecmp Route Loopback Interfaces Next, you assign an IPv4 or IPv6 address to the interfaceIP Helper 100Default Ports UDP Port Numbers Implied By Wildcard Protocol 101Example 3 Enable IP Helper Globally UDP Example 1 Enable/Disable IP HelperExample 2 Configure IP Helper Globally Dhcp 102103 Example 8 Show IP Helper Statistics Example 7 Show IP Helper Configurations104 Device Security 105Example #1 Configure Radius Server for Authentication 802.1x Network Access Control802.1x Network Access Control Examples 106Switch with 802.1x Network Access Control 107Example #2 MAC-Based Authentication Mode 108Guest Vlan 802.1X Authentication and VLANsAuthenticated and Unauthenticated VLANs 109Example #2 Enable Guest VLANs Example #1 Allow the Switch to Accept RADIUS-Assigned VLANs110 Access Control Lists ACLs Authentication Server Filter Assignment111 Limitations 112Egress ACL Limitations MAC ACLs113 IP ACLs ACL Configuration Process114 IP ACL CLI Example 115Configuring a MAC ACL Viewing the MAC ACL Information 117Example #1 Basic Radius Server Configuration Radius Configuration Examples118 119 Radius Servers in a NetworkExample #2 Set the NAS-IP Address for the Radius Server TACACS+ Configuration Example120 PowerConnect 6200 Series Switch with TACACS+ 121Operation in the Network 802.1x MAC Authentication Bypass MAB122 Example 1 Enable/Disable MAB 123Example 2 Show MAB Configuration 124Functional Description Captive Portal125 Captive Portal Configuration Captive Portal Configuration, Status and Statistics126 Description Range Usage Default 127Client Connections Captive Portal Status128 Captive Portal Statistics Example 6 Show Captive Portal Instances 130To view the configuration change, use the following command 131To create a local user, use the following command 132133 134 Overview Interface Configuration135 Device 136137 138 Trusted and Untrusted Ports/CoS Mapping Table Class of Service QueuingIngress Port Configuration 139Queue Management Type Egress Port Configuration-Traffic ShapingQueue configuration CoS Mapping Table for Trusted Ports141 IngressCoS1/g Configuration Example System Diagram 142Differentiated Services 143Example #1 DiffServ Inbound Configuration 144145 DiffServ for VoIP Configuration Example 146DiffServ VoIP Example Network Diagram 147Example #2 Configuring DiffServ VoIP Support 148Multicast 149Igmp Configuration 150Igmp Proxy Example #1 Configuring Igmp Proxy on the Router151 Example #2 View Igmp Proxy Configuration Data 152CLI Example 153PIM 154Example PIM-SM 155Example PIM-DM Multicast Routing and Igmp Snooping 157Console#show ip pimdm 158Console#show ip igmp 159160 Utility 161Assignment of Tftp Server Auto ConfigIP Address Assignment 162Obtaining a Config File 163Monitoring and Completing the Auto Config Process 164Network Configuration Considerations Restarting the Auto Config ProcessSwitch Configuration Considerations 165Other Functions 166Example 2 Enable Auto Config Example 1 Show Auto Config Process167 Checkpointing Nonstop Forwarding on a Switch StackInitiating a Failover 168169 Applications that Checkpoint Data Checkpointed DataNSF Network Design Considerations Switch Stack MAC Addressing and Stack Design ConsiderationsNSF Default Behavior 170Data Center Configuration Examples171 Dhcp Snooping Scenario VoIP172 ` ` 173Storage Access Network Scenario 174Routed Access Scenario 175176