Article ID: 7220
Protocols/Features
Radius
802.1x
MAC Authentication
Goals
Set Management / Network access permissions using radius.
Set super-user / read-write / read-only permission using radius.
Symptoms
Authentication access type not as expected.
Management access level not as expected.
Solution
The authentication access type is configured at the Radius server, tied to the user's associated group. It's here that you may specify '
, '
' only, or '
' only, for that group. The default is '
', which means that Radius will service both local management and network access requests.
Unless the managed device has a similar configuration granularity, it will either be able to Radius-authenticate
both management and network access, or neither (
5677).
Also configured at the Radius server, and relevant to the first two options above, is the management access level (
,
,
), again tied to the user's associated group. The access level will be returned by the Radius server to the authenticating switch as part of the FilterID (
5199).
See also:
5532.
