I've run into a dilemma when trying to authenticate users against a RADIUS backend (FreeRADIUS) when trying to grant a privilege level < 15. Devices are ASA appliances as well as IOS routers and switches. It seems that these device families do not play well together when using the same RADIUS backend.
Finally, it tracks down to the fact that the ASA seems to need a radius service type of "Administrative-User" in order to allow the "enable" command at all. With that service type given, I can successfully assign a privilege level using the attribute "ASA-Privilege-Level". So far so good.
The problem now arises when an IOS device uses the same RADIUS config. Seeing the service type of "Administrative-User", the device always assigns a privilege level of 15 and seems to ignore what we pass over in the Cisco-AVPair (shell:priv-lvl). Getting IOS devices to work requires a change of the service type to e.g. NAS-Prompt, which then works well with IOS but does not allow the user to use the "enable" command on the ASA.
Probably I am missing something obvious and hopefully one of you guys can enlighten me.