https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51859#M14237 I have a ExtremeXOS version 16.2.1.6 configured. My intention ware just authenticate my users, but I realized when a user pass any command the Extreme checks the permition. Is this normal? It is possible change this behavior? If yes how?<BR /> Best regards Tue, 01 Aug 2017 02:23:00 GMT Kalil_De_A__Car 2017-08-01T02:23:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51859#M14237 I have a ExtremeXOS version 16.2.1.6 configured. My intention ware just authenticate my users, but I realized when a user pass any command the Extreme checks the permition. Is this normal? It is possible change this behavior? If yes how?<BR /> Best regards Tue, 01 Aug 2017 02:23:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51859#M14237 Kalil_De_A__Car 2017-08-01T02:23:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51860#M14238 Please check the below Knowledge base article for your reference:<BR /> <A href="https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication</A> <BR /> Tue, 01 Aug 2017 05:38:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51860#M14238 Ram3 2017-08-01T05:38:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51861#M14239 Hello Ram, thanks for hoje replay. I think that is my problem. I want just authoreze the login. After I dont want that switch check the RADIUS server all the time, when a user pass any command. If has any ccomunication problem between switch and RADIUS I loose my privilege. Is It that? Fan I chance It for not do the authenticat command alô the times? Best regards Tue, 01 Aug 2017 08:37:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51861#M14239 Kalil_De_A__Car 2017-08-01T08:37:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51862#M14240 Could you please explain us in detail how you are checking in RADIUS and switch that authorization is happening for any command executed? Also, please share the configuration "show configuration aaa".<BR /> Tue, 01 Aug 2017 09:29:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51862#M14240 Ram3 2017-08-01T09:29:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51863#M14241 Please take a look into this post which incl a link to screenshots of a working setup...<BR /> <BR /> <A href="https://community.extremenetworks.com/extreme/topics/microsoft-nps-server-vsa-configuration-for-extreme-cliauthorization?topic-reply-list" target="_blank" rel="nofollow noreferrer noopener">https://community.extremenetworks.com/extreme/topics/microsoft-nps-server-vsa-configuration-for-extr...</A><BR /> <BR /> Tue, 01 Aug 2017 12:59:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51863#M14241 Ronald_Dvorak 2017-08-01T12:59:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51864#M14242 Hell all.<BR /> <BR /> Good morning Ram, here my configuration:<BR /> <BR /> configure radius mgmt-access primary shared-secret PASSWORD<BR /> configure radius mgmt-access primary server IP_SERVER 1812 client-ip IP_CLIENT vr VR-Mgmt<BR /> configure radius mgmt-access secondary shared-secret PASSWORD<BR /> configure radius mgmt-access secondary server IP_SERVER 1812 client-ip IP_CLIENT vr VR-Mgmt<BR /> enable radius mgmt-access<BR /> <BR /> We noticed that all command which user pass ware by the switchs. Like, if a user passed "show configuration" the switch send a new check for this command. The problem is if we have any problem between switch and RADIUS server the user will do nothing any more. <BR /> <BR /> We realized that beravior running tcpdum commands on RADIUS server. So, with that we could see this.<BR /> <BR /> It is possible torn off this, just let the switch check login and nothing more?<BR /> <BR /> Best regards. Tue, 01 Aug 2017 17:59:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51864#M14242 Kalil_De_A__Car 2017-08-01T17:59:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51865#M14243 Could you please provide me the entire configuration of "show configuration aaa", "show switch" and "show version"? If it is an issue we need to test this in local lab. Hence, you could also open a GTAC case with "show tech" output with detailed explanation about your issue.<BR /> Wed, 02 Aug 2017 10:29:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51865#M14243 Ram3 2017-08-02T10:29:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51866#M14244 Hello Ram.<BR /> <BR /> Sorry for my late. Here the information that you asked:<BR /> <BR /> show configuration aaa:<BR /> configure radius mgmt-access primary server RADIUS_IP 1812 client-ip CLIENT_IP vr VR-Mgmt<BR /> configure radius mgmt-access primary shared-secret encrypted PASSWORD<BR /> configure radius mgmt-access secondary server RADIUS_IP 1812 client-ip CLIENT_IP vr VR-Mgmt<BR /> configure radius mgmt-access secondary shared-secret encrypted PASSWORD<BR /> enable radius mgmt-access<BR /> <BR /> show switch:<BR /> <BR /> SysName: ampere<BR /> SysLocation: <BR /> SysContact: <BR /> System MAC: <BR /> System Type: X670-48x<BR /> <BR /> SysHealth check: Enabled (Normal)<BR /> Recovery Mode: All<BR /> System Watchdog: Enabled<BR /> <BR /> Current Time: Thu Aug 3 10:55:20 2017<BR /> Timezone: [Auto DST Disabled] GMT Offset: -180 minutes, name is BRT.<BR /> Boot Time: Sat Jul 22 01:21:01 2017<BR /> Boot Count: 23<BR /> Next Reboot: None scheduled<BR /> System UpTime: 12 days 9 hours 34 minutes 18 seconds <BR /> <BR /> Image Selected: secondary <BR /> Image Booted: secondary <BR /> Primary ver: 16.1.2.14 <BR /> Secondary ver: 16.2.1.6 <BR /> <BR /> Config Selected: primary.cfg <BR /> Config Booted: primary.cfg <BR /> <BR /> primary.cfg Created by ExtremeXOS version 16.2.1.6<BR /> 1083719 bytes saved on Mon Jul 31 20:11:38 2017<BR /> <BR /> show version:<BR /> Switch : 800400-00-04 1151G-00686 Rev 4.0 BootROM: 2.0.1.5 IMG: 16.2.1.6 <BR /> PSU-1 : Internal PSU-1 800282-00-04 1201K-82195<BR /> PSU-2 : Internal PSU-2 800282-00-04 1201K-82194<BR /> <BR /> Image : ExtremeXOS version 16.2.1.6 by release-manager<BR /> on Sat Aug 6 19:06:56 EDT 2016<BR /> BootROM : 2.0.1.5<BR /> Diagnostics : 6.4<BR /> <BR /> Thu, 03 Aug 2017 18:57:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/extreme-using-radius-just-to-authenticate-not-for-all-command/m-p/51866#M14244 Kalil_De_A__Car 2017-08-03T18:57:00Z