the RADIUS server and requests authentication of the user and password. The RADIUS server returns oneof the following responses:• Access-Accept — the RADIUS server authenticates the user.• Access-Reject — the RADIUS server does not authenticate the user.If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enablingthe debug radius command.Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sentin plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client.For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.RADIUS AuthenticationDell Networking OS supports RADIUS for user authentication (text password) at login and can bespecified as one of the login authentication methods in the aaa authentication login command.When configuring AAA authorization, you can configure to limit the attributes of services available to auser. When you enable authorization, the network access server uses configuration information from theuser profile to issue the user's session. The user’s access is limited based on the configuration attributes.RADIUS exec-authorization stores a user-shell profile and that is applied during user login. You may namethe relevant named-lists with either a unique name or the default name. When you enable authorizationby the RADIUS server, the server returns the following information to the client:• Idle Time• ACL Configuration Information• Auto-Command• Privilege LevelsAfter gaining authorization for the first time, you may configure these attributes.NOTE: RADIUS authentication/authorization is done for every login. There is no difference betweenfirst-time login and subsequent logins.Idle TimeEvery session line has its own idle-time. If the idle-time value is not changed, the default value of 30minutes is used.RADIUS specifies idle-time allow for a user during a session before timeout. When a user logs in, thelower of the two idle-time values (configured or default) is used. The idle-time value is updated if both ofthe following happens:• The administrator changes the idle-time of the line on which the user has logged in.• The idle-time is lower than the RADIUS-returned idle-time.ACL Configuration InformationThe RADIUS server can specify an ACL. If an ACL is configured on the RADIUS server, and if that ACL ispresent, the user may be allowed access based on that ACL.If the ACL is absent, authorization fails, and a message is logged indicating this.RADIUS can specify an ACL for the user if both of the following are true:782 Security