Use of RADIUS to Modify User Access to CLI Commands

The switch provides CLI command access based on the configured access level of a user. However, you can use RADIUS to override CLI command access provided by the switch.

To override user access to CLI commands, you must configure the command-access-attribute on the switch and on the RADIUS server. (The switch uses decimal value 194 as the default for this parameter.) On the RADIUS server, you can then define the commands that the user can or cannot access.

Important

Important

When you enable RADIUS on the switch and configure a RADIUS server to be used by CLI or EDM, the server authenticates the connection, whether it is FTP, HTTPs, SSH, or TELNET. However, in the event that the RADIUS server is unresponsive or is unreachable, the switch fall backs to the local authentication, so that you can access the switch using your local login credentials.

Regardless of the RADIUS server configuration, you must configure the user‘s access on the switch based on the six platform access levels.