How to get vendor-specific attribute value pairs
mathieu.sim at gmail.com
Mon Jul 15 11:12:36 CEST 2013
As a short update on this topic - I thought it might be worth sharing the
since I've been successfull in getting authorized via FR to privileged exec
on a Netgear GSM7224P (F/W 126.96.36.199).
Netgear is based on Broadcom FASTPATH (MIBs tell so) - as do some Dell
PowerConnect's and fortunately both CLI and behaviour are very close - they
also behave quite similar to Cisco IOS CLI. Some documentation exists on
the net how to get SSH login working with PowerConnects but I've not found
real examples for Netgears.
I was successfully authorized to level 15 when I added a update reply
section sending either / or:
- Cisco-AVPair:= "shell:priv-lvl=15"
- Service-Type = Administrative-User
It worked with both messages, I've once read that some newer Dells started
second, less Cisco-centric, message but with Netgear's (currently) latest
Firmware is seems
working with both.
On the switch I had to configure radius server address and auth lists
(actually Web UI have their own, httplist / httpslist) for
I also had to set following line to get privilege level 15: aaa
authorization exec default radius local *
That apparently was helping the switch to understand the message sent by
I'll have to clean up things a little but at least this seems to be working
now, not more clunky
shared $enab15$ user required :-)
* Which is similar to Cisco's 'aaa authorization exec default group radius
none' I found here - kudos to:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users