What RADIUS attribute to send is needed when adding a Cisco ASA to the NAC appliance for AAA Management Access?

‎01-17-2018 05:37 PM
			
				
					
					
I am trying to add a Cisco ASA to the NAC appliance for RADIUS Management Access. I started by enabling SNMP between the ASA and NetSight Console. But in order to add the ASA to the NAC appliance, I need to specify a RADIUS attribute to send. What do I need to put?

10 REPLIES 10

‎01-17-2018 07:28 PM
			
				
					
					
I could be wrong but after reading this...
https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrdat1.html
...I wonder whether you could use RADIUS attribute "cisco-avpair= "shell:priv-lvl=%CUSTOM2%"" and then make more than one rule with different custom#2 values to represent the privilege levels?!
-Ron
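
The attribute proposed in the reply above, shown as it would be carried in a RADIUS packet (an added example, not part of the original thread): cisco-avpair is sub-type 1 of the Vendor-Specific attribute (type 26) under Cisco's vendor ID 9. How the NAC appliance expands `%CUSTOM2%`, the role names and the function names are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865)
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco vendor sub-type carrying "cisco-avpair" strings
PREFIX = "shell:priv-lvl="

def expand(template, fields):
    """Fill %NAME% placeholders; the NAC-side semantics are assumed."""
    for name, value in fields.items():
        template = template.replace(f"%{name}%", str(value))
    if "%" in template:
        raise ValueError(f"unresolved placeholder: {template!r}")
    return template

def priv_level(avpair):
    """Return the level only for a well-formed shell:priv-lvl=<0..15> pair."""
    level = avpair[len(PREFIX):]
    if not (avpair.startswith(PREFIX) and level.isascii() and level.isdigit()):
        raise ValueError(f"not a priv-lvl pair: {avpair!r}")
    if int(level) > 15:
        raise ValueError(f"privilege level out of range: {level}")
    return int(level)

def encode_avpair(avpair):
    """Wrap the string as Vendor-Specific(26) / vendor 9 / sub-type 1."""
    priv_level(avpair)  # refuse to emit anything malformed
    value = avpair.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(value) + 2) + value
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def decode_avpair(attr):
    """Inverse of encode_avpair, with length and vendor checks."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    (vendor,) = struct.unpack("!I", attr[2:6])
    if (vendor != CISCO_VENDOR_ID or attr[6] != CISCO_AVPAIR
            or attr[7] != len(attr) - 6):
        raise ValueError("not a cisco-avpair sub-attribute")
    return attr[8:].decode("ascii")

# Constructed sample: one rule per custom-field value, as the reply proposes.
RULES = {"helpdesk": 1, "netadmin": 15}
ENCODED = {role: encode_avpair(expand(PREFIX + "%CUSTOM2%", {"CUSTOM2": lvl}))
           for role, lvl in RULES.items()}
```

Validating the expanded string before encoding keeps a mistyped or empty custom field from turning into an unintended privilege level in the Access-Accept.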
		
		
	
	
	
‎01-17-2018 07:28 PM
			
				
					
					
I was just thinking out loud but never tried it with any C device.

‎01-17-2018 07:28 PM
			
				
					
					
Hmm Ronald,
these granular settings you mentioned work with Cisco Prime and I can switch different user groups and view, but not with Cisco ASA. Maybe I made a mistake, but my mentioned setting works for me and my customer, and so I did no more investigation.
Regards
Stephan

‎01-17-2018 07:28 PM
			
				
					
					
Thanks, I'll see if that can work. I'll report back.

‎01-17-2018 07:28 PM