One Radius Server, when all users got network access can we apply some users to management-access for accessing to the switches

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hello,

I have B5 switches and S8 backbone and windows server 2008.

I have radius server 802.1x and its working well. 
My configuration on switch is;

set radius enable
set radius server 1 x.x.x.x 1812:secret_key realm network-access

Now, I want apply some users to access switch via radius or active directory.
For this I need to implement,

set radius server 1 x.x.x.x 1812:secret_key realm any-access

But, after doing this all clients can access as a management access.

My goal is with "one radius server" I want to give some clients permission to access switch and all others to only network-access.

Is this possible with one radius server.
If it is possible on windows server side what should I do? 

Thanks,
Best Regards
Photo of Erhan YILDIZ

Erhan YILDIZ

  • 180 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,020 Points 5k badge 2x thumb
Hi Erhan

You can do this by creating different Network access policies in Microsoft NPS.
As part of the matching criteria you will specific the Switch IP as a NAS Identifier and the required windows group that you want to give access.
Ensure that this policy is above the other 802.1x network access policy in NPS.

Regards
Andre