
Radius Authorization Attributes

fijog
Level 1

Hi,

Could someone help me out on the following scenario,

Equipment:

Routers: Cisco (TACACS)

Switches: Nortel (RADIUS)

ACS Server: Cisco ACS 3.2

I am trying to do the following,

2 Network Devices groups

GroupA: Contains 10 routers and 10 Switches

GroupB: 50 Routers and 60 Switches

2 User groups

Admin-A: Users in this group should have full access to the routers and switches in NDG Group A AND READ ONLY access to the NDG Group B

Admin-B: Admin-A: Users in this group should have full access to the routers and switches in NDG Group B AND READ ONLY access to the NDG Group A

All routers work with TACACS and hence the above can be done. My problem is with the switches (Nortel), which work with RADIUS.

I know that by using the RADIUS attribute,

Service-Type=administrative gives full access AND

Service-Type=NAS prompt gives read only access.

But how can I give full access to some switches and RO access to other switches, based on the NDG, using RADIUS?

Can someone please help out?

Thanks,

FG

1 Reply

jhillend
Level 1

You can't. ACS cannot differentiate between different devices and their RADIUS attributes at this time. Look for this in a later release of ACS (no time frame yet, though).