.. _example_system_aaa_authorization_radius:

######
Radius
######


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:



****************************
Telnet Default Authorization
****************************

Description
===========

A RADIUS server is added to a RADIUS group which is
added to an AAA list. This list is assigned to the login system's
authentication. In this scenario, the default authorization mapping
is used, which maps the `standard` level to `monitor` and the
`privileged` level to `admin`. The device then starts a Telnet
session with itself to check that it can only run the commands that
role is authorized to run.

Scenario
========

.. include:: radius/telnetdefaultauthorization

.. raw:: html

  <hr>

********************
Telnet Privilege Map
********************

Description
===========

A RADIUS server is added to a RADIUS group which is
added to an AAA list. This list is assigned to login system's
authentication. Finally, the RADIUS privilege levels are mapped to
locally defined roles. The device then starts a Telnet session with
itself to check that it can only run the commands that role is
authorized to run.

Scenario
========

.. include:: radius/telnetprivilegemap

.. raw:: html

  <hr>

*************************
SSH Default Authorization
*************************

Description
===========

A RADIUS server is added to a RADIUS group which is
added to an AAA list. This list is assigned to the SSH service's
authentication. In this scenario, the default authorization mapping
is used, which maps the `standard` level to `monitor` and the
`privileged` level to `admin`. The device then starts an SSH
session with itself to check that it can only run the commands that
role is authorized to run.

Scenario
========

.. include:: radius/sshdefaultauthorization

.. raw:: html

  <hr>

*****************
SSH Privilege Map
*****************

Description
===========

A RADIUS server is added to a RADIUS group which is
added to an AAA list. This list is assigned to SSH service's
authentication. Finally, the RADIUS privilege levels are mapped to
locally defined roles. The device then starts an SSH session with
itself to check that it can only run the commands that role is
authorized to run.

Scenario
========

.. include:: radius/sshprivilegemap

.. raw:: html

  <hr>