118 Device Securityattributes containing configuration information. If the server rejects the user, it returns a negative result.If the server rejects the client or the shared “secrets” differ, the server returns no result. If the serverrequires additional verification from the user, it returns a challenge, and the request process begins again.If you use a RADIUS server to authenticate users, you must configure user attributes in the user databaseon the RADIUS server. The user attributes include the user name, password, and privilege level.NOTE: To set the privilege level, use the Service-Type attribute. Do not us any vendor-specific attributevalue pairs.The following example shows an entry in the FreeRADIUS /etc/raddb/users file that allows auser (name: admin) to log onto the switch with read/write privileges, which is equivalent to privilege level15.admin Auth-Type := Local,User-Password == "pass1234"Service-Type = NAS-Prompt-Userenable Auth-Type := Local,User-Password == "pass5678"Service-Type = Administrative-UserThe values for the Service-Type attribute are as follows:• NAS-Prompt-User indicates the user should be provided a command prompt on the NAS, fromwhich nonprivileged commands can be executed.• Administrative-User indicates the user should be granted access to the administrativeinterface to the NAS, from which privileged commands can be executed.RADIUS Configuration ExamplesThis section contains examples of commands used to configure RADIUS settings on the switch.Example #1: Basic RADIUS Server ConfigurationThis example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a uniqueshared secret key. The shared secrets are configured to besecret1 andsecret2 respectively. The server at10.10.10.10 is configured as the primary server. The process creates a new authentication list, calledradiusList, which uses RADIUS as the primary authentication method, and local authentication as abackup method in the event that the RADIUS server cannot be contacted.