![Avaya ERS 1600 Technical Configuration Manual Download Page 29](http://html1.mh-extra.com/html/avaya/ers-1600/ers-1600_technical-configuration-manual_3027950029.webp)
Authentication, Authorization and Accounting (AAA) for ERS and ES
Technical Configuration Guide
29
November 2010
avaya.com
Log file on RADIUS client
8600A:6# CPU6 [03/03/08 15:28:13] SW INFO user rw connected from 10.10.50.10
via telnet
CPU6 [03/03/08 15:29:17] SW INFO Closed telnet connection from 10.10.50.10,
user rw rcmd -2
Please note that accounting records for rw user will be similar to the ones for ro and rwa
users already documented in chapter 2.5.4 and 2.5.5.
The following example shows how to allow read-
only (ro) user the command ―clear port stat‖, as the only
possible command under clear port is stats, command can be summarized to ―clear port‖. File
/etc/raddb/users
has to be modified as follow.
ro Auth-Type == Local,User-Password == "ro"
Access-Priority = ro,
Command-Access = "True",
Commands = "clear port"
Please note that Command-Access statement is unique, you cannot
mix ―True‖ and
―False‖.
You can have several commands, use syntax = for first line, then use += for following
lines, always add comma at the end of the line except last line.
2.5.8
ERS 8600
– RADIUS SNMP Accounting
For this example, we will connect to the switch using Device Manager with SNMPv1 protocol. ERS 8600
needs to be configured in order to have RADIUS SNMP accounting, assuming the RADIUS server IP
address is 10.10.50.40 and the client share secret is ―Dda‖ for SNMP accounting.
Please note that RADIUS SNMP accounting requires software release 4.1.3 or above
for proper operation.
Configure RADIUS SNMP accounting on RADIUS client.
8600A:6#
config radius server create 10.10.50.40 secret Dda usedby snmp
enable true
8600A:6#
config radius snmp enable true
8600A:6#
config radius snmp acct-enable true
8600A:6#
show radius snmp info
Sub-Context: clear config dump monitor show test trace wsm asfm sam
Current Context:
abort-session-timer : 180
acct-enable : true
user : snmp_user
enable : true