Setting Description
on Enable local authentication together with the RADIUS authentication
only Enable the RADIUS authentication only
off Disable
[Initial value] : off
[Description]
Sets whether RADIUS is used for password authentication when switching to administrator mode with the administrator
command.
If on is specified, the entered password is first compared with the administrator password set by the administrator password
command. If the password does not match, a query is made to the RADIUS server. If only is specified, only a query to the
RADIUS server is made.
[Note]
The following commands concerning the RADIUS authentication server must be specified:
radius auth
radius auth server
radius auth port
radius secret
4.8 Set User Attributes
[Syntax]
user attribute [user] attribute=value [attribute=value...]
no user attribute [user...]
[Setting and Initial value]
user
[Setting] :
Setting Description
User name Registered user name
*radius All users who log in with RADIUS authentication
* All users
[Initial value] : -
attribute=value : User attribute
[Setting] :
administrator : Attribute showing whether the administrator mode is available or not
Setting Description
on Allows the user to become an administrator by using the administrator command and allows the user to access the administrator pages GUI. Allows the user to establish an SFTP connection with the administrator password.
off Does not allow the user to become an administrator by using the administrator command and prohibits the user from accessing the administrator pages GUI. Does not allow the user to establish an SFTP connection with the administrator password.
connection : Attribute showing how the router can be accessed
Setting Description
off Prohibits all connections.
all Allows all connections.
serial Allows connection from the serial console.
telnet Allows connection using TELNET.
ssh Allows connection using SSH.
sftp Allows connection using SFTP.
remote Allows connection using remote setup.
http Allows connection to the configuration GUI.
host : Attribute specifying the hosts allowed to access the router
Setting Description
IP address Allows connection from a specified host.
any Allows access from all hosts.
Interface name Allows connection from the specified interface.
multi-session : Attribute showing whether to allow multiple sessions
Setting Description
on Allows multiple sessions using TELNET, SSH, or HTTP by the same user.
off Prohibits multiple sessions using TELNET, SSH, or HTTP by the same user.
login-timer : Login timer specification
Setting Description
120..21474836 (RTX810) Number of seconds for automatically logging out when there is no key input.
clear Disable the login timer.
[Initial value] :
administrator=on
connection=serial,telnet,remote,ssh,sftp,http
host=any
multi-session=on
login-timer=300
[Description]
Sets user attributes.
If user is omitted, anonymous user attributes are set.
If *radius is specified for user, the attributes are set for all users who log in with RADIUS authentication.
If an asterisk (*) is specified for user, the setting is applied to all users. However, if the user name is already registered, the
settings for the specified user take precedence.
Even if the administrator attribute is changed to off for a user who is already in administrator mode, the user can remain in
administrator mode until the user exits to user mode using the exit command or logs out.
Multiple values except off and all can be specified for the connection attribute by concatenating the values with commas.
Even if a connection is prohibited using the connection or host attribute of this command for a user who is already
connected, the user can maintain the connection until the user disconnects.
The host attribute specifies the hosts that can connect using TELNET, SSH, SFTP, and HTTP. The IP address can be a single
address, two IP addresses with a hyphen in between them (range designation), or a list of these addresses separated by commas.
The multi-session attribute allows or prohibits multiple connections using TELNET, SSH, or HTTP. Even if this attribute is set
to off, multiple connections can be made under the same user name if the connection methods are different. Examples of such
connections are serial and TELNET, or remote setup and SSH.
Even if the multi-session attribute is changed to off using this command for a user who already has multiple connections, the
user can maintain the connections until the user disconnects.
SSH and SFTP connections cannot be allowed for anonymous users.
Multiple TELNET connections cannot be specified for anonymous users.
The timer value is taken to be 300 seconds for TELNET, SSH, SFTP, or HTTP connections even when the login-timer attribute
is set to clear.
The login timer attribute value of this command takes precedence over the value set by the login timer
command.
[Note]
Note that if this command is used to prohibit the connection of all users or prohibit all users from
becoming administrators, you will not be able to change the router settings or check the router status.
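The following added example (not part of the original manual) resolves the effective attributes of a user from user attribute lines and flags weak combinations. The flagging policy, the function names and the per-attribute fallback from a named user to the * entry are assumptions; the sample configuration is constructed.

```python
# Documented initial values of the user attribute command.
DEFAULTS = {
    "administrator": "on",
    "connection": "serial,telnet,remote,ssh,sftp,http",
    "host": "any",
    "multi-session": "on",
    "login-timer": "300",
}
ALL_CONNECTIONS = {"serial", "telnet", "remote", "ssh", "sftp", "http"}

# Constructed sample configuration (user names and addresses are invented).
SAMPLE = """\
user attribute * connection=ssh,sftp host=192.168.100.10-192.168.100.20
user attribute operator administrator=off login-timer=clear
user attribute legacy connection=all host=any
"""

def parse(config):
    """Map user name ('' = anonymous) to the attributes set explicitly."""
    users = {}
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["user", "attribute"]:
            continue  # also skips "no user attribute ..." lines
        args = tokens[2:]
        # The user name is optional: a first token without '=' is the name.
        name = args.pop(0) if args and "=" not in args[0] else ""
        users.setdefault(name, {}).update(
            a.split("=", 1) for a in args if "=" in a)
    return users

def effective(users, name):
    """Initial values, then the '*' entry, then the user's own entry."""
    attrs = dict(DEFAULTS)
    attrs.update(users.get("*", {}))   # assumption: per-attribute fallback
    attrs.update(users.get(name, {}))  # a registered user takes precedence
    return attrs

def audit(users, name):
    """Return findings for one user (policy is this example's, not the manual's)."""
    a = effective(users, name)
    conn = a["connection"]
    allowed = {"all": ALL_CONNECTIONS, "off": set()}.get(conn, set(conn.split(",")))
    findings = []
    if allowed & {"telnet", "http"}:  # both carry credentials unencrypted
        findings.append("cleartext management protocol allowed")
    if a["administrator"] == "on" and a["host"] == "any" and allowed - {"serial"}:
        findings.append("administrator reachable from any host")
    if a["login-timer"] == "clear":
        findings.append("login timer disabled")
    return findings
```

Running audit(parse(""), "") on an empty configuration shows that the documented initial values themselves produce the first two findings.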
4.9 Disconnect Another User Connection by Force
[Syntax]
disconnect user user [/connection [no]]
disconnect user [user]/connection [no]
[Setting and Initial value]
user
[Setting] : User name
[Initial value] : -
connection : Connection type
[Setting] :
Setting Description
telnet Connection using TELNET
serial Connection from the serial console
remote Connection using remote setup
ssh Connection using SSH
sftp Connection using SFTP
http Connection to the configuration GUI
[Initial value] : -
no
[Setting] : Connection number
[Initial value] : -
[Description]
Disconnects other users' connections.
Specify the parameters by referring to the connection status shown by the
show status user command. To disconnect an anonymous user, use the second
syntax with user omitted.
If a parameter is omitted, all connections that match the specified parameters are disconnected.
[Note]
This command cannot be used to disconnect your own session.
[Example]
Example 1) Disconnect all connections with the user name test.
# disconnect user test
Example 2) Disconnect all users connected using TELNET.
# disconnect user /telnet