Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-06-2019 07:55 AM
Hi,
How to configure Allowed command per user through RADIUS?
I already done the RADIUS with VSA 210 and switch login in admin level access.
I want to restricts the commands.
How to configure Allowed command per user through RADIUS?
I already done the RADIUS with VSA 210 and switch login in admin level access.
I want to restricts the commands.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-14-2019 01:39 PM
Ragavendiran,
This option is not available through EXOS or RADIUS, per the following article:
https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication
The following post does give some insight on privilege levels using TACACS:
https://community.extremenetworks.com/extremeswitching-exos-223284/xos-restrict-cli-commands-6856140
Privilege levels are handled by RADIUS on the server side. On the RADIUS server a normal user is needed for user access. If the user needs admin privileges on the switch the RADIUS user should be configured to send the RADIUS Service-Type attribute with a value of Administrative. For further information on this attribute, see Section 5.6 of RFC 2865.
This option is not available through EXOS or RADIUS, per the following article:
https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication
The following post does give some insight on privilege levels using TACACS:
https://community.extremenetworks.com/extremeswitching-exos-223284/xos-restrict-cli-commands-6856140
Privilege levels are handled by RADIUS on the server side. On the RADIUS server a normal user is needed for user access. If the user needs admin privileges on the switch the RADIUS user should be configured to send the RADIUS Service-Type attribute with a value of Administrative. For further information on this attribute, see Section 5.6 of RFC 2865.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-14-2019 01:39 PM
Ragavendiran,
This option is not available through EXOS or RADIUS, per the following article:
https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication
The following post does give some insight on privilege levels using TACACS:
https://community.extremenetworks.com/extremeswitching-exos-223284/xos-restrict-cli-commands-6856140
Privilege levels are handled by RADIUS on the server side. On the RADIUS server a normal user is needed for user access. If the user needs admin privileges on the switch the RADIUS user should be configured to send the RADIUS Service-Type attribute with a value of Administrative. For further information on this attribute, see Section 5.6 of RFC 2865.
This option is not available through EXOS or RADIUS, per the following article:
https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-have-per-user-allowed-command-permissions-when-using-a-radius-server-for-authentication
The following post does give some insight on privilege levels using TACACS:
https://community.extremenetworks.com/extremeswitching-exos-223284/xos-restrict-cli-commands-6856140
Privilege levels are handled by RADIUS on the server side. On the RADIUS server a normal user is needed for user access. If the user needs admin privileges on the switch the RADIUS user should be configured to send the RADIUS Service-Type attribute with a value of Administrative. For further information on this attribute, see Section 5.6 of RFC 2865.
