Administration

The vendor specific attribute is used to determine the access level from the server, which may be configured at the RADIUS server with following information:

Vendor ID: Ruggedcom Inc. enterprise number (15004) assigned by Internet Assigned Numbers Authority (IANA)

Sub-attribute Format: String

Vendor Assigned Sub-Attribute Number: 2

Attribute value – any one of: admin, operator, guest

Note: If no access level is received in the response packet from the server then no access will be granted to the user

Example RuggedCom Dictionary for a freeRadius server:

VENDOR

RuggedCom 15004

BEGIN-VENDOR

RuggedCom

ATTRIBUTE

RuggedCom-Privilege-level 2 string

END-VENDOR

RuggedCom

Sample entry for user “admin” Adding Users:

admin Auth-Type := Local, User-Password == "admin" RuggedCom-Privilege-level = "admin

1.12.3 802.1X Authentication (not supported in RS400, N/A for RMC30)

RADIUS Server is also used to authenticate access on ports with 802.1X security support. Attributes sent to RADIUS Server in RADIUS Request are:

user name, derived from client’s EAP identity response

NAS IP address

service type: framed

framed MTU:1500 (maximum size of EAP frame, which is the size of Ethernet frame)

EAP message

vendor specific attribute, as described above

RADIUS messages are sent as UDP messages. Switch and RADIUS server must use the same authentication and encryption key.

RS400

43

ROS™ v3.5

Page 43
Image 43
RuggedCom RS400 manual Vendor