Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
273
Views
0
Helpful
2
Replies

Mixed Cisco environment and freeradius

james marnell
Level 1
Level 1

‎05-02-2017 10:26 AM - edited ‎03-11-2019 12:41 AM

I have several 3560's running 12.2 and a nexus 3064 running 6.0.

I have freeradius v2 runing on centos 6.

My problem is getting enable authentication to work for the 3560 switches. I can get enable to work only if I enter the enable password defined on the switch, but the radius itself will not grant it.

I have a freeradius user defined with auth-type=local, service-type=administrative-user and cisco-avpair=shell:priv-lvl=15

The nexus switch authenticates to freeradius and is granted entry with level 15. The 3560 is granted entry without level 15 (subsequent ena command required).

I tried a lot of variations to get this working to no avail. For instance I've added a $enab15$ user to freeradius.

I'm not sure if there is something else I could try or if this simply will not work in a mixed cisco environment.

Any help, etc appreciated.

Thanks

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎05-02-2017 10:12 PM

Have you got something like this:

aaa authorization exec default group radius 
aaa authorization network default group radius
0 Helpful

james marnell
Level 1
Level 1
In response to Philip D'Ath

‎05-03-2017 12:26 PM

no, but I'll try it...thanks

0 Helpful
Customers Also Viewed These Support Documents