Overview of Security Methods
Security Menu Screens
9-7
An access-accept response returns a message USER AUTHORIZATION = <ACCESS LEVEL>
for 3 seconds and then the main screen of the application is displayed. An access-denied response
causes the screen to return to the user name prompt.
If the Radius Client is unable to receive a response from the Radius Server, because the Radius
Server is down or inaccessible, the Radius Client will time out to a default value of 5 seconds.
If the server returns an “access-accept” response (the user successfully authenticated), it must also
return a Radius “FilterID” attribute containing an ASCII string with the following fields in the
specified format:
“Enterasys:version=V:mgmt=M:policy=N”
Where:
V is the version number (currently V=1)
M is the access level for management, one of the following strings:
“su” or “rw” for read-write access (same as super-user)
“ro” for read-only access
N is the policy profile number (see the policy profile MIB)
The secondary server is always consulted if it is configured. Note that the minimum additional
information that must be configured to use a server is its IP and shared secret.
The secondary server is always consulted if it has been configured with its IP and Shared Secret. If
communication is lost to all servers, and the user is connected to the local console serial port, the
authorization screen will change to allow access to the switch by using the Local Management
Module password.
If the user is connected remotely via telnet or WebView, the switch will continue to deny access
until communication with the Radius Server is operational again. Optionally, if the switch has been
configured to allow remote access, the switch can be configured to use the Local Management
Module password in the event of a Radius failure.
NOTES:
Quotation marks (“ ”) are not part of the strings. They are used for clarification only.
If the FilterID attribute is not returned, or the “mgmt” field is absent or contains an
unrecognizable value, access is denied.
Policy profiles are not yet deployed and the “policy=N” part may be omitted.
Summary of Contents for Matrix E6 5G102-06-G
Page 1: ...MATRIX E5 Series Modules 5H1xx and 5G1xx Local Management User s Guide 9033583 02...
Page 2: ......
Page 6: ......
Page 12: ......
Page 22: ......
Page 26: ......
Page 42: ......
Page 48: ......
Page 72: ......
Page 156: ......
Page 174: ......
Page 184: ......
Page 188: ......
Page 192: ......