5

RADIUS Authentication, Authorization, and Accounting

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Authentication Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Accounting Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4RADIUS-Administered CoS and Rate-Limiting . . . . . . . . . . . . . . . . . . .5-4RADIUIS-Administered Commands Authorization . . . . . . . . . . . . . . . . 5-4 SNMP Access to the Switch’s Authentication Configuration MIB . . . 5-4

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 5-5

Switch Operating Rules for RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 5-6

General RADIUS Setup Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 5-7

Configuring the Switch for RADIUS Authentication . . . . . . . . . . . .

. 5-8

Outline of the Steps for Configuring RADIUS Authentication . . . . .

. 5-9

1. Configure Authentication for the Access Methods

 

You Want RADIUS To Protect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-10

2. Enable the (Optional) Access Privilege Option . . . . . . . . . . . . . . . .

5-13

3. Configure the Switch To Access a RADIUS Server . . . . . . . . . . . .

5-14

4. Configure the Switch’s Global RADIUS Parameters . . . . . . . . . . .

5-17

Using SNMP To View and Configure

Switch Authentication Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21 Changing and Viewing the SNMP Access Configuration . . . . . . . . . . 5-22

Local Authentication Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24

Controlling Web Browser Interface Access . . . . . . . . . . . . . . . . . . . . 5-25

Commands Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26 Enabling Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27 Displaying Authorization Information . . . . . . . . . . . . . . . . . . . . . . . . . 5-28 Configuring Commands Authorization on a RADIUS Server . . . . . . 5-28 Using Vendor Specific Attributes (VSAs) . . . . . . . . . . . . . . . . . . . 5-28

5-1