Article ID: 5677
Products
SecureStack C3
SecureStack C2
Firmware 3.01.94 and lower
SecureStack B3
SecureStack B2
Firmware 1.01.45 and lower
SecureStack A2
Firmware 1.00.27 and lower
Protocols/Features
Radius
UPN
Goals
Radius authenticate just device management access
Radius authenticate just network access
Authenticate to a RADIUS Server
Sample configuration
Cause
In order to permit Radius Authentication to regulate
just device Management access or
just user Network access, two elements must be configured:
- A 'management' vs 'network' selection on the Radius server
- A matching 'management' vs 'network' selection on the managed device
With earlier firmware, SecureStacks can either Radius-authenticate
both management and network access, or neither.
Solution
For the C2, upgrade to firmware 3.02.30 or higher.
For the B2, upgrade to firmware 2.00.16 or higher.
For the A2, upgrade to firmware 1.01.20 or higher.
With these firmware versions, the DFE-like 'set radius realm' command is supported.
C2(rw)->set radius realm ?
management-access Sets Access type to management-access
network-access Sets Access type to network-access
any Sets Access type to any-access
C2(rw)->
Here is a sample partial configuration which authenticates against one server for network users and a different server for management access.
set radius enable
set radius server 1 1.2.3.4 1812 myfirstsecret realm network-access
set radius server 2 1.2.3.5 1812 myothersecret realm management-access
