Solved: Re: Nexus NXOS authentication via RADIUS

firemtngems · ‎01-20-2011

Greetings,

I have a Nexus 7010 running 5.1(1). I'm using RADIUS (Microsoft) to authenticate access to the device.

In prior versions of the IOS, RADIUS attribute 31 was forwarded to the RADIUS server. In NXOS, this attribute is not forwarded. Is there any way to configure NXOS to forward RADIUS attribute 31? Note that some versions of the IOS have radius commands to enable it (i.e. "radius-server attribute 31 send nas-port-detail").

The functionality I wish to achive is to apply RADIUS policies by the user's IP address.

Thanks for taking a look...

Mike

phiharri · ‎01-24-2011

Greetings Mike,

Sending attribute 31 (Calling-Station-Id) isn't currently supported when using RADIUS authentication under NX-OS. I took a quick look and couldn't find any mention in the roadmap.

I'd recommend contacting TAC or your Cisco Account team to raise a feature request. Although it probably doesn't help much, TACACS+ will include the address of the authenticating user.

Cheers,

/Phil

View solution in original post

phiharri · ‎01-24-2011

Greetings Mike,

Sending attribute 31 (Calling-Station-Id) isn't currently supported when using RADIUS authentication under NX-OS. I took a quick look and couldn't find any mention in the roadmap.

I'd recommend contacting TAC or your Cisco Account team to raise a feature request. Although it probably doesn't help much, TACACS+ will include the address of the authenticating user.

Cheers,

/Phil

firemtngems · ‎01-24-2011

Thanks Phil,

I guess I'll just use ACLs to enforce the policy (I wanted to use RADIUS in addition to ACLs).

Cheers,

Mike