topic Read only , and read write authorization from acs/juniper radius in Network Access Control

Read only , and read write authorization from acs/juniper radius

mirehteshamali — Mon, 11 Mar 2019 01:59:01 GMT

Hi all,

we have a large detabase of cisco routers and swithches , we want to have a radius authentication and athorizaion level set to read only and (rd , rw) for certain users.

ie for company employees read write access and for outside auditors/consultants read only access .

how do i do it with Radius on ACS and juniper/radius .

Any links for cisco routers config will be highly appreciated.

Read only , and read write authorization from acs/juniper radius

Eduardo Aliaga — Mon, 09 Apr 2012 16:04:15 GMT

I would recommend to use TACACS+ instead of RADIUS.

Depending on your network device, in ACS you can use "command authorization sets" (when using traditional IOS) or "shell profiles" (when using Cisco IOS XE, IOS XR, Cisco ACE, Juniper JunOS, etc).

For read only you can deny the "config terminal" command. For read write you can allow the "config terminal" command.

Here's an example of allowing/denying commands by using "command authorization sets".

PLease rate if it helps. Kind regards.