Olivier ARRIGHI
Beginner

Per-device/per-user AAA authorization with Freeradius

Hi Folks

I'm using FreeRADIUS with a local username database (no LDAP) for authentication (working well).

I have various network devices in my network, and I would like to have custom authorization per user per device:

I would like to have 2 types of network admins, and 2 types of network devices, with the following rules:

- "Core devices" must be granted privilege level 15 for "Core admins".

- "Access devices" must be granted privilege level 15 for "Access admins" and "Core admins".

- "Core devices" must be granted privilege level 1 for "Access admins".

- There is no way "Access admins" can access configuration mode on "Core devices" with the enable command.

Any help and config examples for the FreeRADIUS and Cisco side are very welcome.

thanks

olivier

2 REPLIES 2
Ravi Singh
Rising star

Hello Olivier,

I would suggest going to the link below. This document describes the procedure for per-device user authentication.

http://wiki.freeradius.org/vendor/Cisco#Per-User-Privilege-Level

Hope this may help you

Hi Ravi

Thanks for the URL; however, this document does not indicate how to authorize per device AND per user.

have fun

olivier
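
Added example, not part of the thread and not taken from the linked wiki page: one way to express the first three rules of the question with FreeRADIUS huntgroups (device class) combined with per-user entries in the local users file. It assumes the FreeRADIUS 3.x file layout with the `preprocess` and `files` modules enabled in `authorize`; the usernames, addresses and passwords are constructed placeholders.

```text
# --- mods-config/preprocess/huntgroups ---
# The preprocess module sets Huntgroup-Name from the NAS that sent the request.
# Addresses below are constructed placeholders (documentation ranges).
core    NAS-IP-Address == 192.0.2.1
core    NAS-IP-Address == 192.0.2.2
access  NAS-IP-Address == 198.51.100.1
access  NAS-IP-Address == 198.51.100.2

# --- mods-config/files/authorize (the "users" file) ---
# Each entry matches on username AND device class. The first matching entry
# is used (no Fall-Through), and a NAS that is in neither huntgroup matches
# no entry, so the user has no known password there and is rejected.

# "Core admin" (placeholder user): level 15 on core and on access devices.
coreadmin1    Huntgroup-Name == "core", Cleartext-Password := "CHANGE-ME"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=15"

coreadmin1    Huntgroup-Name == "access", Cleartext-Password := "CHANGE-ME"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=15"

# "Access admin" (placeholder user): level 15 on access devices only,
# level 1 on core devices.
accessadmin1  Huntgroup-Name == "access", Cleartext-Password := "CHANGE-ME"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=15"

accessadmin1  Huntgroup-Name == "core", Cleartext-Password := "CHANGE-ME"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=1"
```

On the IOS side the returned level is only applied when exec authorization points at RADIUS, e.g. `aaa authorization exec default group radius local`. The `priv-lvl` reply sets the level the session starts at; whether a later `enable` succeeds is decided by the device's enable authentication, which this example does not cover.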
