Transition Networks
S4224 Web User Guide
33558 Rev. C
Page 56 of 669
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next
method is tried. Each method is tried from left to right and continues until a method either approves or
rejects a user. If a remote server is used for ‘primary’ authentication, it is recommended to configure
secondary authentication as 'local'. This lets the management client login via the local user database if
none of the configured authentication servers are alive.
Well known ports
: uses port # 49. RADIUS Authentication uses port # 1812. RADIUS
Accounting uses port # 1812.
Command Authorization Method Configuration
The command authorization section allows you to limit the CLI commands available to a user.
Note
: this
feature is currently not fully functional. The table has one row for each client type and a number of
columns, which are:
Client
The management client for which the configuration below applies.
Method
Method can be set to one of the following values:
no
: Command authorization is disabled. User is granted access to CLI commands according to his
privilege level.
tacacs
: Use remote server(s) for command authorization. If all remote servers are offline, the
user is granted access to CLI commands according to his privilege level.
Cmd Lvl
Authorize all commands with a privilege level higher than or equal to this level. Valid values are in the
range
0
to
15
.
Cfg Cmd
Check to also authorize configuration commands.
Accounting Method Configuration
The accounting section allows you to configure logging of all CLI command and exec (login) to an
accounting.log
file on the server. The table has one row for each client type (console, telnet,
and ssh) and a number of columns, as described below:
Client
The management client for which the configuration below applies.
Method
Method can be set to one of the following values:
no
: Accounting is disabled.
tacacs
: Use remote server(s) for accounting.
Cmd Lvl
Enable logging of all CLI commands with a privilege level higher than or equal to this level. Valid values
are
0
-
15
. Leave the field empty to disable command accounting.
Exec
Enable exec (login) accounting to the server.