One Radius Server, when all users got network access can we apply some users to management-access for accessing to the switches


I have B5 switches and S8 backbone and windows server 2008.

I have radius server 802.1x and its working well.
My configuration on switch is;

set radius enable
set radius server 1 x.x.x.x 1812:secret_key realm network-access

Now, I want apply some users to access switch via radius or active directory.
For this I need to implement,

set radius server 1 x.x.x.x 1812:secret_key realm any-access

But, after doing this all clients can access as a management access.

My goal is with "one radius server" I want to give some clients permission to access switch and all others to only network-access.

Is this possible with one radius server.
If it is possible on windows server side what should I do?

Best Regards

1 reply

Userlevel 5
Hi Erhan You can do this by creating different Network access policies in Microsoft NPS. As part of the matching criteria you will specific the Switch IP as a NAS Identifier and the required windows group that you want to give access. Ensure that this policy is above the other 802.1x network access policy in NPS. Regards Andre