Chapter 1: Accessing the Switch

Switch User Accounts

The user accounts listed in Table 4 can be defined in the RADIUS server dictionary file.

Table 4: User Access Levels

User Account

Description and Tasks Performed

Password

 

 

 

User

The User has no direct responsibility for switch management.

user

 

He or she can view all switch status information and statistics

 

 

but cannot make any configuration changes to the switch.

 

 

 

 

Operator

The Operator manages all functions of the switch. The

oper

 

Operator can reset ports, except the management port.

 

 

 

 

Administrator

The super-user Administrator has complete access to all

admin

 

commands, information, and configuration commands on the

 

 

switch, including the ability to change both the user and

 

 

administrator passwords.

 

 

 

 

RADIUS Attributes for EX2500 User Privileges

When the user logs in, the switch authenticates his or her level of access by sending the RADIUS access request, that is, the client authentication request, to the RADIUS authentication server.

If the remote user is successfully authenticated by the authentication server, the switch will verify the privileges of the remote user and authorize the appropriate access. The administrator has an option to allow secure backdoor access via Telnet, SSH, or the Web Device Manager. Secure backdoor provides switch access when the RADIUS servers cannot be reached. You always can access the switch via the console port, by using noradius and the administrator password, whether secure backdoor is enabled or not.

NOTE: To obtain the RADIUS backdoor password for your EX2500 switch, contact technical support.

All user privileges, other than those assigned to the Administrator, have to be defined in the RADIUS dictionary. RADIUS attribute 6, which is built into all RADIUS servers, defines the administrator. The filename of the dictionary is RADIUS vendor-dependent. Table 5 shows the RADIUS attributes defined for EX2500 user privilege levels.

Table 5: EX2500-Proprietary Attributes for RADIUS

Username/Access

User-Service-Type

Value

 

 

 

User

Vendor-supplied

255

 

 

 

Operator

Vendor-supplied

252

 

 

 

Admin

Vendor-supplied

6

 

 

 

Securing Access to the Switch „ 13

Page 27
Image 27
Juniper Networks manual Switch User Accounts, Radius Attributes for EX2500 User Privileges