Server Technology switched pro2 User Manual - page 102
Switched PRO2 – User Guide
Using the Web Interface
About RADIUS Vendor-Specific Attributes (VSA)
In addition to the protocol-required attributes, the RADIUS authentication process can be extended by using private
vendor-specific attributes (VSA). This extension allows Server Technology to create its own proprietary attributes to
support features and services using the PRO2 in the RADIUS authentication process.
Server Technology has defined and formatted RADIUS vendor-specific attributes (VSA) in the dictionary.sti file,
which is available from Server Technology. The PRO2 is configured to recognize and use the configuration values
in the file as specified by the network administrator, indicating to the RADIUS server that the defined attributes are
based on Server Technology’s unique enterprise vendor code.
Using the format of the dictionary.sti file (located on the Server Technology FTP site at ftp.servertech.com), the
PRO2 RADIUS implementation supports the following vendor-specific attributes:
Vendor-Specific Attribute (VSA) Descriptions

STI-Access-Level
    Indicates the user access level for the Switched PRO2; values are 1-6 as follows. A valid access level is required or access to the unit is denied.
    Valid Access Levels:
    1 = Admin
    2 = Power User
    3 = User
    4 = Reboot Only
    5 = On Only
    6 = View Only

STI-Env-Mon
    Determines user access rights to environmental monitoring; values are Yes or No. For STI-Access-Level values other than 1 (Admin), if STI-Env-Mon is not included for a user, the default is No.

STI-Outlets
    Specifies user access rights to outlets; values are space-delimited strings of absolute IDs, names, or the special keyword "ALL". String values are case-sensitive and limited to 253 characters. This attribute can be repeated to append strings that declare additional access rights. For STI-Access-Level values other than 1 (Admin) and 2 (Power User), if STI-Outlets is not included for a user, the default is no outlet.

STI-Groups
    Specifies user access rights to groups of outlets; values are space-delimited strings of absolute IDs, names, or the special keyword "ALL". String values are case-sensitive and limited to 253 characters. This attribute can be repeated to append strings that declare additional access rights. For STI-Access-Level values other than 1 (Admin) and 2 (Power User), if STI-Groups is not included for a user, the default is no group.

STI-Ports
    Specifies user access rights to ports; values are space-delimited strings of absolute IDs, names, or the special keyword "ALL". String values are case-sensitive and limited to 253 characters. This attribute can be repeated to append strings that declare additional access rights. For STI-Access-Level values other than 1 (Admin) and 2 (Power User), if STI-Ports is not included for a user, the default is no ports.

Note: User access levels must be configured using the dictionary.sti file. If the administrator does not use the
dictionary.sti file to configure a user, the user will not have access rights to the PRO2.
Examples:

Administrator with full access and configuration rights:

sti-admin Auth-Type := Local, User-Password == "admin"
    STI-Access-Level = Admin

Power user with environmental monitoring allowed and full outlet/group/port access rights:

sti-power Auth-Type := Local, User-Password == "power"
    STI-Access-Level = Power-User,
    STI-Env-Mon = Yes

User with environmental monitoring not allowed and specific outlet/group/port access rights:

sti-user Auth-Type := Local, User-Password == "user"
    STI-Access-Level = User,
    STI-Env-Mon = No,
    STI-Outlets = ".A1 .A2 Rtr1 Rtr2 Srvr1 Srvr2",
    STI-Outlets += ".A3 .A4 Rtr3 Rtr4 Srvr3 Srvr4",
    STI-Groups = "Routers Servers",
    STI-Ports = "Console"
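
An added example, not from the Server Technology manual or dictionary.sti: a Python check that reads one users-file entry in the format shown above and applies the defaults from the attribute table, so an entry that would be denied or would grant less than intended is caught before it reaches the RADIUS server. Assumptions: only the three level names shown on this page plus numeric 1-6 are recognised; for levels 1 and 2 an absent list attribute is read as ALL, and for level 1 an absent STI-Env-Mon as Yes, following the Admin and Power User examples; the sample entry and the function name are constructed.

```python
import re

# Level names shown on this page; dictionary.sti defines the rest (not reproduced here).
LEVELS = {"Admin": 1, "Power-User": 2, "User": 3}
LISTS = ("STI-Outlets", "STI-Groups", "STI-Ports")
ITEM = re.compile(r'^\s+(STI-[\w-]+)\s*(\+?=)\s*"?([^",]*)"?\s*,?\s*$')

# Constructed sample entry (not from the manual); "all" is a deliberate mistake.
SAMPLE = '''sti-user Auth-Type := Local, User-Password == "user"
    STI-Access-Level = User,
    STI-Outlets = ".A1 .A2",
    STI-Outlets += "Rtr1",
    STI-Groups = "all"
'''

def resolve(entry):
    """Return (rights, warnings) for one users-file entry, per the table above."""
    attrs, warn = {}, []
    for line in entry.splitlines()[1:]:        # line 0 holds the check items
        m = ITEM.match(line)
        if not m:
            continue
        name, op, value = m.group(1), m.group(2), m.group(3).strip()
        if name in LISTS and len(value) > 253:
            warn.append(f"{name}: string exceeds 253 characters")
        if name in LISTS and op == "+=":       # repeated attribute appends
            attrs.setdefault(name, []).extend(value.split())
        elif name in LISTS:
            attrs[name] = value.split()
        else:
            attrs[name] = value
    raw = attrs.get("STI-Access-Level", "")
    level = LEVELS.get(raw) or (int(raw) if raw.isdigit() and 1 <= int(raw) <= 6 else None)
    if level is None:
        return None, warn + ["no valid STI-Access-Level: access to the unit is denied"]
    rights = {"level": level,
              "env_mon": attrs.get("STI-Env-Mon", "Yes" if level == 1 else "No")}
    for name in LISTS:
        # Levels 1 and 2 are exempt from the "no access" default (read here as ALL).
        rights[name] = attrs.get(name, ["ALL"] if level <= 2 else [])
        for tok in rights[name]:
            if tok != "ALL" and tok.upper() == "ALL":
                warn.append(f"{name}: '{tok}' is not the case-sensitive keyword ALL")
    return rights, warn
```

Calling `resolve(SAMPLE)` reports environmental monitoring as No, no port access, and a warning that `all` will be treated as a group name, not the keyword.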