Parser Views/Superviews w/ RADIUS

gilliganb · ‎03-05-2020

I've been trying to find if there are vendor-specific RADIUS attributes for linking our Windows NPS server to views/superviews on our 2900 series routers and haven't been having any luck. I've been using privilege levels but find managing those tedious. Is there a way to use views or are the privilege levels the only things supported?

Thanks!

Cristian Matei · ‎03-05-2020

Hi,

Microsoft NPS supports Vendor Specific Attributes; look for Cisco and include the following attribute as authorization in your NPS policy: "shell:cli-view-name=VIEWNAME". You would assign the users privilege level 15, as the view will control what commands they have access to.

Ideally you would do command authorization via TACACS, and there are free TACACS servers running perfectly.

Regards,

Cristian Matei.

Parser Views/Superviews w/ RADIUS

ISE - CSCwn63678 - Radius Accounting Reports (versão Português)

RADIUS Reauthentication - Considerations and Best Practices

Cisco Nexus シリーズ : Radius/Tacacs+ のトラブルシューティング

[UCS C] Intel X550 LOM F/Wの個別ダウングレード方法

RADIUS Load Balancing for ISE