differentiating radius attribute




Hi everybody,

I'm using freeradius to authenticate and authorize users to cisco switches/routers/FW.
My issue is that I want to do aaa for 3 things on the same device: device administrators' login (telnet), 802.1x EAP/MD5, and managing firewall FWSM ACLs (radius attribute in the response: filter-id=acl_name).

My question is how to differentiate these 3 needs by a radius attribute in the request, to be able to send in the response only the correct radius authorization attribute depending on the aaa type asking.

Response attributes can be priv-lvl=15, filter-id=acl_name or Tunnel-Type = :1:VLAN

The 3 types are configured like this on the cisco devices:

aaa authentication login default group radius

aaa authentication 802.1x default group radius

aaa authentication match acl_name interface_name radius

 

Thank you for your help

jerrrry

 


