differentiating radius attribute

jerrrry at voila.fr jerrrry at voila.fr
Fri Dec 1 17:16:05 CET 2006


Hi everybody,

I'm using freeradius to authenticate and authorize users to cisco switches/routers/FW.
My issue is that i want to do aaa for 3 things on the same device: device administrators login (telnet), for 802.1x EAP/MD5 (, and to manage firewall FWSM ACLs (radius attribute in the response: filter-id=acl_name). 
My question is how to differentiate this 3 needs by a radius attribute in the request, to be able to send in the response only the good radius authorization attribute  depending on aaa type asking. 
Response attributes can be priv-lvl=15, filter-id=acl_name or Tunnel-Type = :1:VLAN
the 3 types are configured like this on the csico devices: 
aaa authentification login default group radius
aaa  authentication 802.1x default group radius 
aaa authentication match acl_name interface_name radius

thank tou for your help
jerrrry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061201/c14c7712/attachment.html>


More information about the Freeradius-Users mailing list