Protocols/Features
Radius
802.1x
MAC Authentication
Goals
Set Management / Network access permissions using radius.
Set super-user / read-write / read-only permission using radius.
Symptoms
Authentication access type not as expected.
Management access level not as expected.
Solution
The authentication access type is configured at the Radius server, tied to the user's associated group. It's here that you may specify 'Any Access', 'Management Access' only, or 'Network Access' only, for that group. The default is 'Any Access', which means that Radius will service both local management and network access requests.
Unless the managed device has a similar configuration granularity, it will either be able to Radius-authenticate both management and network access, or neither (5677).
Also configured at the Radius server, and relevant to the first two options above, is the management access level (su, rw, ro), again tied to the user's associated group. The access level will be returned by the Radius server to the authenticating switch as part of the FilterID (5199).
See also: 5532.