
Per-User Enable Authentication

After a user has been authenticated through RADIUS, the RADIUS server provides the E-series router with the names of the privilege levels (for example, “10”) that the user has enable access to. When the user attempts to access a privilege level through the enable command, the system either denies or approves the user’s request.

The decision to deny or approve the user’s request is based on the list the system received through RADIUS. See Table 54.

Table 54: Juniper Networks–Specific CLI Access VSA Descriptions

| VSA | Description | Type | Length | Subtype | Subtype Length | Value |
|---|---|---|---|---|---|---|
| Initial-CLI-Access-Level | Specifies the initial level of access to CLI commands. | 26 | len | 18 | sublen | Single attribute; enter only: 0, 1, 5, 10, or 15 |
| Alt-CLI-Access-Level | Specifies level of access to CLI commands. | 26 | len | 20 | sublen | Single attribute; enter only: 0, 1, 5, 10, or 15 |

Note: All levels to which a user can have access must explicitly be specified in the Admin-Auth-Set VSA.

The user is not prompted for a password, because the system knows whether or not the user should have access to the requested level. If the user is not authenticated through RADIUS, the router uses the system-wide enable passwords instead.
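The following Python sketch is an added example, not code from the Juniper documentation: it decodes the two VSAs in Table 54 from a raw RADIUS attribute list and applies the approve-or-deny decision described above. It assumes vendor ID 4874, the RFC 2865 VSA layout, one sub-attribute per VSA, and level values carried as ASCII text; the function names and the sample bytes are constructed for illustration. Counting the initial level as part of the permitted list is also an assumption.

```python
import struct

# Assumptions not stated on the page: vendor ID 4874, RFC 2865 VSA layout,
# one sub-attribute per VSA, level value carried as ASCII text.
VENDOR_ID = 4874
VSA_TYPE = 26                  # "Type" column of Table 54
INITIAL_LEVEL_SUBTYPE = 18     # Initial-CLI-Access-Level
ALT_LEVEL_SUBTYPE = 20         # Alt-CLI-Access-Level
VALID_LEVELS = {0, 1, 5, 10, 15}

def build_vsa(subtype, level):
    """Encode one level as a VSA; used only to construct sample input."""
    value = str(level).encode("ascii")
    sub = bytes([subtype, 2 + len(value)]) + value
    return bytes([VSA_TYPE, 6 + len(sub)]) + struct.pack("!I", VENDOR_ID) + sub

def parse_cli_levels(attrs):
    """Return (initial_level, alt_levels) from a raw RADIUS attribute list."""
    initial, alts, pos = None, set(), 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        body, pos = attrs[pos + 2:pos + alen], pos + alen
        if atype != VSA_TYPE or len(body) < 6:
            continue                      # not a vendor-specific attribute
        if struct.unpack("!I", body[:4])[0] != VENDOR_ID:
            continue                      # another vendor's VSA
        subtype, sublen = body[4], body[5]
        if subtype not in (INITIAL_LEVEL_SUBTYPE, ALT_LEVEL_SUBTYPE):
            continue
        if sublen < 3 or sublen != len(body) - 4:
            raise ValueError("bad subtype length")
        text = body[6:].decode("ascii", "replace")
        if not text.isdigit() or int(text) not in VALID_LEVELS:
            raise ValueError(f"level {text!r} is not one of 0, 1, 5, 10, 15")
        if subtype == INITIAL_LEVEL_SUBTYPE:
            initial = int(text)
        else:
            alts.add(int(text))
    return initial, alts

def enable_allowed(requested, initial, alts):
    """Approve only a level the server listed (initial counted: assumption)."""
    return requested == initial or requested in alts

# Constructed sample: User-Name "alice", initial level 1, alternates 5 and 10.
SAMPLE = (bytes([1, 7]) + b"alice" + build_vsa(18, 1)
          + build_vsa(20, 5) + build_vsa(20, 10))
```

With the constructed sample, a request for level 10 is approved and a request for level 15 is denied, because 15 was never listed by the server.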

