Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
192
Views
0
Helpful
1
Replies

802.1x Radius authentication on a switch that already authenticates CLI admin access in Radius

aforster.home
Level 1
Level 1

‎05-27-2015 12:27 PM - edited ‎03-08-2019 12:12 AM

Hello,

 

I've been struggling to find a way to implement 802.1x  Radius authentication on a switch environment where all switches already use Radius as AAA for CLI administrative access. But obviously, I dont want the 802.1X users to have CLI access to the devices.

 

The only way I could find to implement this would be to have two different RADIUS group servers, each one with its own user database, and use each Radius server in each aaa authentication group, one for dot1x and another one for login. But that is far away from a smart solution.

 

Is it possible to have all users (admin and 802.1x users) in the same radius DB with different attributes, and have each group with the correct access in the devices? Unfortunately I could not find any documentation on how to differentiate those users in the same radius DB.

 

Thank you for any help.

Antonio

Labels:
0 Helpful
1 Reply 1

Not applicable

‎05-25-2017 10:37 AM

Did you ever find a resolution for this problem?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card