cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to connect to CLI in read-only mode via Radius

Unable to connect to CLI in read-only mode via Radius

Jave
Contributor
Hi,

I'm facing an obvious problem trying to allow CLI RO connection to FabricEngine devices using Radius on XIQ-SE.
All is working fine for RWA access, and my setup is similar for RO access, except for Access control profile on XIQ-SE, for which policy mapping is defined as "Read Only" for management.
When I'm trying to connect through SSH to the switch, XIQ-SE accept connection, returns right attributes to switch (Passport-Access-Priority := Read-Only-Access), but user is finally not allowed on it...
What I'm doing wrong ?

Thanks for your help.
2 REPLIES 2

Jave
Contributor
Hi Marlon,

Yes, NAC gateway returns 1 for Passport-Access-Priority attribute value, as you can see in attachments.
I precise that EDM access works well with same configuration.

Best regards

Marlon_Scheid
New Contributor II
Hi Rodjeur70,

its correct you have to use the "Passport-Access-Priority" attribute but with a value of "1" for read-only and a "6" for read-write-all:

Passport-Access-Priority=1

That works fine for me:
C-5520-1:1>show users
SESSION USER ACCESS IP ADDRESS
Console mscheid ro ---------- (current)
C-5520-1:1>

regards
Marlon
GTM-P2G8KFN