Mats Blomgren B wrote:
3 of the users should have full access (read/write) to the network (94 Extreme Switches). This is straight forward. The other 3 should have read/write to about 80 switches and read only to the last 14.
Put the users into groups. Put the NASes into groups. Apply policies based on group membership.
I understand that I can group devices in huntgroups and users in groups and then control the access.
Yes. However, huntgroups may not be the best way to handle this.
The problem I have is that I don't know how to give a certain user a specific "Service-Type" depending on the NAS he/she tries to connect to. I want the Service Type do differ for certain users depending on the NAS.
Don't. Do *group* checking. if ((Packet-Src-IP-Address == 1.2.3.4) || ... # 80 times update request { NAS-Group = "one" # define this in "dictionary" } } elsif ((Packet-Src-IP-Address == 2.3.4.5) || ... # 14 times update request { NAS-Group = "two" } } Put the users into similar groups. Put them into groups called "admin", "some", or "readonly". if (User-Group == "admin") { update reply { Service-Type = Administrative-User } } elsif ((User-Group == "some") && (NAS-Group == "one")) { update reply { Service-Type = Administrative-User } } else { update reply { Service-Type = Login-User } } Alan DeKok.