Radius Authenticate just Management or Network Access, on SecureStack

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 5677

Products
SecureStack C3
SecureStack C2
Firmware 3.01.94 and lower
SecureStack B3
SecureStack B2
Firmware 1.01.45 and lower
SecureStack A2
Firmware 1.00.27 and lower 

Protocols/Features
Radius
UPN 

Goals
Radius authenticate just device management access
Radius authenticate just network access
Authenticate to a RADIUS Server
Sample configuration 

Cause
In order to permit Radius Authentication to regulate just device Management access or just user Network access, two elements must be configured: 

  • A 'management' vs 'network' selection on the Radius server
  • A matching 'management' vs 'network' selection on the managed device

With earlier firmware, SecureStacks can either Radius-authenticate both management and network access, or neither. 

Solution
For the C2, upgrade to firmware 3.02.30 or higher. 
For the B2, upgrade to firmware 2.00.16 or higher. 
For the A2, upgrade to firmware 1.01.20 or higher. 

With these firmware versions, the DFE-like 'set radius realm' command is supported.
C2(rw)->set radius realm ?

management-access Sets Access type to management-access
network-access Sets Access type to network-access
any Sets Access type to any-access

C2(rw)->

Here is a sample partial configuration which authenticates against one server for network users and a different server for management access.
 set radius enable
set radius server 1 1.2.3.4 1812 myfirstsecret realm network-access
set radius server 2 1.2.3.5 1812 myothersecret realm management-access
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.