Dell MXL 10/40GbE RADIUS Authentication and Authorization

For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.

The Dell Networking OS supports RADIUS for user authentication (text password) at login and can be

specified as one of the login authentication methods in the aaa authentication login command.

When configuring AAA authorization, you can configure to limit the attributes of services available to a

user. When you enable authorization, the network access server uses configuration information from the

user profile to issue the user's session. The user’s access is limited based on the configuration attributes.

RADIUS exec-authorization stores a user-shell profile and that is applied during user login. You may name

the relevant named-lists with either a unique name or the default name. When you enable authorization

NOTE: RADIUS authentication/authorization is done for every login. There is no difference between

first-time login and subsequent logins.

Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30

minutes is used.

RADIUS specifies idle-time allow for a user during a session before timeout. When a user logs in, the

lower of the two idle-time values (configured or default) is used. The idle-time value is updated if both of

the following happens:

• The administrator changes the idle-time of the line on which the user has logged in.

• The idle-time is lower than the RADIUS-returned idle-time.

• If there is a very long delay for an entry, or a denied entry because of an ACL, and a message is

NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and

TACACS) are supported. Authorization is denied in cases using Extended ACLs.

792 Security