differentiating radius attribute
jerrrry at voila.fr
jerrrry at voila.fr
Fri Dec 1 17:16:05 CET 2006
Hi everybody,
I'm using freeradius to authenticate and authorize users to cisco switches/routers/FW.
My issue is that i want to do aaa for 3 things on the same device: device administrators login (telnet), for 802.1x EAP/MD5 (, and to manage firewall FWSM ACLs (radius attribute in the response: filter-id=acl_name).
My question is how to differentiate this 3 needs by a radius attribute in the request, to be able to send in the response only the good radius authorization attribute depending on aaa type asking.
Response attributes can be priv-lvl=15, filter-id=acl_name or Tunnel-Type = :1:VLAN
the 3 types are configured like this on the csico devices:
aaa authentification login default group radius
aaa authentication 802.1x default group radius
aaa authentication match acl_name interface_name radius
thank tou for your help
jerrrry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061201/c14c7712/attachment.html>
More information about the Freeradius-Users
mailing list