<P><BR>Hi everybody,<BR></P>
<P>I'm using freeradius to authenticate and authorize users to cisco switches/routers/FW.<BR>My issue is that i want to do aaa for 3 things on the same device: device administrators login (telnet), for 802.1x EAP/MD5 (, and to manage firewall FWSM ACLs (radius attribute in the response: filter-id=acl_name). </P>
<P>My question is how to differentiate this 3 needs by a radius attribute in the request, to be able to send in the response only the good radius authorization attribute depending on aaa type asking. </P>
<P>Response attributes can be priv-lvl=15, filter-id=acl_name or Tunnel-Type = :1:VLAN</P>
<P>the 3 types are configured like this on the csico devices: </P>
<P>aaa authentification login default group radius</P>
<P>aaa authentication 802.1x default group radius </P>
<P>aaa authentication match acl_name interface_name radius</P>
<P> </P>
<P>thank tou for your help</P>
<P>jerrrry</P>
<P> </P>