The RADIUS server stores the user authorization. When a request arrives, the RADIUS server returns the access rights, privileges and the login data to the device, which then logs in the user with the appropriate rights.
Normally, access rights are set in the RADIUS management privilege level (attribute 136), so that the device only needs to map the returned value to its internal access rights (option Mapped). The attribute can have the following values, which are mapped by the device:
Attribute | Access rights |
---|---|
1 | User, read-only |
3 | User, write-only |
5 | Admin, read-only, no trace rights |
7 | Admin, read and write, no trace rights |
9 | Admin, read-only |
11 | Admin, read and write |
15 | Supervisor |
However, it may be that the RADIUS server additionally needs to transfer privileges, or that attribute 136 is already used for other purposes and/or for vendor-specific authorization attributes. If this is the case, you should select Vendor-Specific attributes. These attributes are specified as follows, based on the vendor ID '2356':
- Privileges ID: 11
- Function rights ID: 12
The values transferred for access rights are identical to those mentioned above. If the RADIUS server should also transfer privileges, you achieve this as follows:
- Open the device console.
- Change to the directory .
- The command set ? shows you the current mapping of privileges to the corresponding hexadecimal code (e.g. Device-Search (0x80)).
- In order to combine privileges, you add their hex values.
- You can use the resulting sum, written as a decimal value, as the Privileges ID to transfer the corresponding privileges.

- SNMP ID: 2.11.81.2
- Console path: Setup > Config > Radius
- Possible values:
  - Vendor specific
  - Mapped
  - Shell privilege
- Default: Vendor specific
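
The combining step and the vendor-specific transfer described above, as an added Python example that is not taken from the device documentation. Only Device-Search (0x80), vendor ID 2356 and the IDs 11 and 12 come from the page; the other privilege names, the helper names and the 32-bit integer value encoding are assumptions.

```python
import struct

VENDOR_ID = 2356          # vendor ID given on the page
PRIVILEGES_ID = 11        # vendor sub-attribute IDs given on the page
FUNCTION_RIGHTS_ID = 12
VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute type (RFC 2865)

# Constructed sample of what `set ?` might list. Only Device-Search (0x80)
# appears on the page; the other names and codes are placeholders.
SAMPLE_CODES = {"Device-Search": 0x80, "Placeholder-A": 0x01, "Placeholder-B": 0x02}


def combine(names, codes=SAMPLE_CODES):
    """Return the decimal value for a set of privileges.

    Adding hex codes only works while every privilege is counted once, so
    duplicates are dropped and overlapping codes are rejected.
    """
    total = 0
    for name in dict.fromkeys(names):      # de-duplicate, keep order
        code = codes[name]                 # KeyError on an unknown privilege
        if total & code:
            raise ValueError(f"{name} overlaps an already selected code")
        total += code
    return total


def encode_vsa(vendor_type, value):
    """Pack one sub-attribute as a Vendor-Specific attribute.

    Assumption: the value travels as a 32-bit unsigned integer.
    """
    sub = struct.pack("!BBI", vendor_type, 6, value)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), VENDOR_ID) + sub


def decode_vsa(data):
    """Parse what encode_vsa produced; returns (vendor_id, vendor_type, value)."""
    attr_type, length, vendor_id = struct.unpack("!BBI", data[:6])
    if attr_type != VENDOR_SPECIFIC or length != len(data) or length != 12:
        raise ValueError("not a single 32-bit Vendor-Specific attribute")
    vendor_type, sub_len, value = struct.unpack("!BBI", data[6:])
    if sub_len != 6:
        raise ValueError("unexpected sub-attribute length")
    return vendor_id, vendor_type, value
```

Decoding the attribute on the RADIUS server side before it is sent makes it easy to review exactly which rights a user profile grants.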