
ACCESS SWITCH RADIUS

andreff92
Level 1

Dear all,

We have a Linux RADIUS server with two users for now for testing, user.admin and user.support, and two groups of users, g_admin and g_user. On the switch I put the config below, but a user who is only released in g_user is accessing the switch, even without the line aaa group server radius g_user configured. My question is: is there any way for the user who is not in g_user not to access the switch?

I configured the lines below, where I thought they would only allow those in the g_admin group, but those in g_user also access the switch.

aaa group server radius G_ADMIN
server name G_RADIUS

1 Reply

M02@rt37
VIP

Hello @andreff92 

In your case, both user.admin and user.support are being authenticated by the same RADIUS server, and unless the RADIUS server is configured to return specific attributes indicating group membership or privilege levels (like shell:priv-lvl for Cisco devices), the switch treats all users the same.

To ensure that only users in the g_admin group gain access, you need to configure the RADIUS server to send back authorization attributes—such as shell:priv-lvl=15 for administrators and a lower privilege level (or none) for support users...

On the switch, you also need to enable AAA auth with a command like to enforce these privilege levels.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
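
A sketch of both sides of the setup discussed in this thread, added here as an example and not configuration from either post. It assumes the Linux server is FreeRADIUS 3.x with the unix module enabled, that g_admin is a Unix group on that server, and that 192.0.2.10 is a placeholder for the address the switch sends as NAS-IP-Address; G_ADMIN and G_RADIUS are the names from the question.

```text
! ---------- Switch side (Cisco IOS) ----------
! "aaa group server radius G_ADMIN" only names a list of RADIUS servers.
! It does not filter users by group; that decision is made on the server.
aaa new-model
aaa group server radius G_ADMIN
 server name G_RADIUS
!
! Login is accepted or rejected by the RADIUS server.
! "local" is the fallback used only when no server responds.
aaa authentication login default group G_ADMIN local
!
! Exec authorization is what makes the switch apply shell:priv-lvl
! returned in the Access-Accept.
aaa authorization exec default group G_ADMIN local

# ---------- Server side (FreeRADIUS 3.x "users" file) ----------
# File: mods-config/files/authorize (location varies by distribution).
# Entries are evaluated top to bottom; the first match wins because
# no Fall-Through is set, so the order of these two entries matters.

# Members of g_admin logging in to this switch get privilege level 15.
DEFAULT NAS-IP-Address == 192.0.2.10, Group == "g_admin"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15"

# Any other user on this switch (for example one only in g_user)
# receives Access-Reject, so the login fails instead of landing
# at a lower privilege level.
DEFAULT NAS-IP-Address == 192.0.2.10, Auth-Type := Reject
        Reply-Message = "Not authorized on this device"
```

Confirm a working local account exists for the `local` fallback before applying the login method list, since an unreachable RADIUS server otherwise leaves no way in.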