Setting Network Access Permissions using Radius

  • 7 January 2015

Article ID: 7220

Protocols/Features
Radius
802.1x
MAC Authentication

Goals
Set management / network access permissions using Radius.
Set super-user / read-write / read-only permission using Radius.

Symptoms
Authentication access type not as expected.
Management access level not as expected.

Solution
The authentication access type is configured at the Radius server, tied to the user's associated group. It's here that you may specify 'Any Access', 'Management Access' only, or 'Network Access' only, for that group. The default is 'Any Access', which means that Radius will service both local management and network access requests.

Unless the managed device has a similar configuration granularity, it will either be able to Radius-authenticate both management and network access, or neither (5677).

Also configured at the Radius server, and relevant to the first two options above, is the management access level ('su', 'rw', 'ro'), again tied to the user's associated group. The access level will be returned by the Radius server to the authenticating switch as part of the FilterID (5199).

See also: 5532.
