Solved

Exos platform- Allowed command per user through RADIUS

  • 6 August 2019
  • 1 reply
  • 70 views

Hi,

How to configure Allowed command per user through RADIUS?

I already done the RADIUS with VSA 210 and switch login in admin level access.

I want to restricts the commands.
icon

Best answer by Ty Izzet 14 August 2019, 15:39

Ragavendiran,

This option is not available through EXOS or RADIUS, per the following article:

https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication

The following post does give some insight on privilege levels using TACACS:

https://community.extremenetworks.com/extremeswitching-exos-223284/xos-restrict-cli-commands-6856140

Privilege levels are handled by RADIUS on the server side. On the RADIUS server a normal user is needed for user access. If the user needs admin privileges on the switch the RADIUS user should be configured to send the RADIUS Service-Type attribute with a value of Administrative. For further information on this attribute, see Section 5.6 of RFC 2865.
View original

1 reply

Userlevel 5
Ragavendiran,

This option is not available through EXOS or RADIUS, per the following article:

https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication

The following post does give some insight on privilege levels using TACACS:

https://community.extremenetworks.com/extremeswitching-exos-223284/xos-restrict-cli-commands-6856140

Privilege levels are handled by RADIUS on the server side. On the RADIUS server a normal user is needed for user access. If the user needs admin privileges on the switch the RADIUS user should be configured to send the RADIUS Service-Type attribute with a value of Administrative. For further information on this attribute, see Section 5.6 of RFC 2865.

Reply