RADIUS authorization

When RADIUS authorization takes place, the following events occur.

  1. A user previously authenticated by a RADIUS server enters a command on the RUCKUS device.
  2. The RUCKUS device looks at its configuration to see if the command is at a privilege level that requires RADIUS command authorization.
  3. If the command belongs to a privilege level that requires authorization, the RUCKUS device looks at the list of commands delivered to it in the RADIUS Access-Accept packet when the user was authenticated. (Along with the command list, an attribute was sent that specifies whether the user is permitted or denied usage of the commands in the list.)
    Note: After RADIUS authentication takes place, the command list resides on the RUCKUS device. The RADIUS server is not consulted again once the user has been authenticated. This means that any changes made to the user command list on the RADIUS server are not reflected until the next time the user is authenticated by the RADIUS server, and the new command list is sent to the RUCKUS device.
  4. If the command list indicates that the user is authorized to use the command, the command is executed.