MX2800 M13 Multiplexer User Manual Configuration, Section 361200290L1-1G 3-27TestA user with write-access privilege level can configure the network interface and T1/E1 interface and caninitiate loopbacks but may not view and/or alter several system-level items such as LAN configurables,etc.AdminWith Admin privilege level, all menu items can be viewed and/or altered. Only a user with an Admin useraccount can alter the User Account Management information.User accounts provide access to the MX2800 for console interface sessions and TL1 sessions. Table 3-4on page 3-30 provides a summary of privileges.NOTEThe Load Default Settings menu item that is located on the Configuration/Utilities menu resets the User Account Management table back to thefactory default account adtran/adtran/admin.RADIUS AuthenticationThe MX2800 is capable of communicating with a RADIUS server for authentication of menu users andTL1 users. The RADIUS authentication support is implemented per RFC2865. User account informationin the onboard user database will remain intact when the MX2800 is upgraded to support authentication viaRADIUS.Several options are available for provisioning RADIUS authentication features, all of which are accessibleonly via menus and by users with Admin-level privileges.RADIUS StateThis option sets the RADIUS authentication capabilities as either Enabled or Disabled. The default value isDisabled.When the RADIUS State value is Enabled, the following behavior applies when a user enters a usernameand password at the MX2800. The MX2800 first authenticates the username and password against thelocal user database. If local authentication succeeds, then access is granted to the MX2800 with the privi-lege level assigned for that account in the onboard database. Local authentication is considered successfulif both the username and password are authenticated, regardless of the privilege level (including Disabled).If local authentication does not succeed, then the username and password are authenticated against theRADIUS server. If the RADIUS authentication succeeds, then access to the MX2800 is granted with theRADIUS Privilege Level set by the user. If the RADIUS authentication does not succeed, which includesthe case where the MX2800 does not receive a response from the server, then the user is denied access tothe MX2800.Regardless of whether the RADIUS State option is Enabled or Disabled at the MX2800, each user accountthat exists in the local user database may be assigned one of the defined privilege levels for the MX2800(Disabled, Guest, Interface, Test, or Admin). Only a user with the Admin privilege level can access thelocal database and the RADIUS options.
