Setting Network Access Permissions using Radius
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2015 12:05 PM
Article ID: 7220
Protocols/Features
Radius
802.1x
MAC Authentication
Goals
Set Management / Network access permissions using radius.
Set super-user / read-write / read-only permission using radius.
Symptoms
Authentication access type not as expected.
Management access level not as expected.
Solution
The authentication access type is configured at the Radius server, tied to the user's associated group. It's here that you may specify '
Unless the managed device has a similar configuration granularity, it will either be able to Radius-authenticate both management and network access, or neither (5677).
Also configured at the Radius server, and relevant to the first two options above, is the management access level (
See also: 5532.
Protocols/Features
Radius
802.1x
MAC Authentication
Goals
Set Management / Network access permissions using radius.
Set super-user / read-write / read-only permission using radius.
Symptoms
Authentication access type not as expected.
Management access level not as expected.
Solution
The authentication access type is configured at the Radius server, tied to the user's associated group. It's here that you may specify '
code:
, 'Any Access
code:
' only, or 'Management Access
code:
' only, for that group. The default is 'Network Access
code:
', which means that Radius will service both local management and network access requests. Any Access
Unless the managed device has a similar configuration granularity, it will either be able to Radius-authenticate both management and network access, or neither (5677).
Also configured at the Radius server, and relevant to the first two options above, is the management access level (
code:
, su
code:
, rw
code:
), again tied to the user's associated group. The access level will be returned by the Radius server to the authenticating switch as part of the FilterID (5199). ro
See also: 5532.
0 REPLIES 0
