Header Only - DO NOT REMOVE - Extreme Networks

Radius Authenticate just Management or Network Access, on SecureStack

Userlevel 3
Article ID: 5677

SecureStack C3
SecureStack C2
Firmware 3.01.94 and lower
SecureStack B3
SecureStack B2
Firmware 1.01.45 and lower
SecureStack A2
Firmware 1.00.27 and lower


Radius authenticate just device management access
Radius authenticate just network access
Authenticate to a RADIUS Server
Sample configuration

In order to permit Radius Authentication to regulate just device Management access or just user Network access, two elements must be configured:

  • A 'management' vs 'network' selection on the Radius server
  • A matching 'management' vs 'network' selection on the managed device
With earlier firmware, SecureStacks can either Radius-authenticate both management and network access, or neither.

For the C2, upgrade to firmware 3.02.30 or higher.
For the B2, upgrade to firmware 2.00.16 or higher.
For the A2, upgrade to firmware 1.01.20 or higher.

With these firmware versions, the DFE-like 'set radius realm' command is supported.
C2(rw)->set radius realm ?

management-access Sets Access type to management-access
network-access Sets Access type to network-access
any Sets Access type to any-access

Here is a sample partial configuration which authenticates against one server for network users and a different server for management access.
set radius enable
set radius server 1 1812 myfirstsecret realm network-access
set radius server 2 1812 myothersecret realm management-access[/code]

0 replies

Be the first to reply!