Hello,
I've been struggling to find a way to implement 802.1x Radius authentication on a switch environment where all switches already use Radius as AAA for CLI administrative access. But obviously, I dont want the 802.1X users to have CLI access to the devices.
The only way I could find to implement this would be to have two different RADIUS group servers, each one with its own user database, and use each Radius server in each aaa authentication group, one for dot1x and another one for login. But that is far away from a smart solution.
Is it possible to have all users (admin and 802.1x users) in the same radius DB with different attributes, and have each group with the correct access in the devices? Unfortunately I could not find any documentation on how to differentiate those users in the same radius DB.
Thank you for any help.
Antonio