networks in clients.conf

Alan DeKok aland at
Wed Nov 8 00:27:58 CET 2006

"Mike May" <mmay3 at> wrote:
> After the authn I set some authz like Cisco-AVPair =
> "priv-lvl=15" used by Cisco routers and switches for network engineers who
> live in the proper LDAP group, here is where the problem is. PIX firewalls
> do not like me setting the priv lvl, and the reason is that the PIX will
> only accept authz from a tacacs server (it seems like).

  So.. don't specify that for the PIX firewall, *or* add it only for
the non-PIX machines.

> What I need to do is
> specify a "netauth" == NAS-IP-ADDRESS subnet. Instead of
> "netauth" == NAS-IP-ADDRESS, this way I can use my users file
> and not set the Cisco priv lvl for those devices that live on the firewall
> subnets.

  You can match IPs via regular expressions.

  Alan DeKok.
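Added example, not part of the original thread: a Python sketch of building the kind of anchored regular expression the reply suggests for a subnet of NAS-IP-Address values, next to a naive pattern that over-matches. The subnets, sample addresses and helper names are constructed for illustration; the pattern uses only constructs shared by POSIX extended regex and Python's `re`, and whether a given server's regex operator accepts it unchanged is an assumption to verify.

```python
import ipaddress
import re

def subnet_regex(cidr):
    """Anchored regex matching dotted-quad strings inside an IPv4 CIDR block."""
    net = ipaddress.IPv4Network(cidr)          # raises if host bits are set
    parts = []
    for lo, hi in zip(net.network_address.packed, net.broadcast_address.packed):
        if lo == hi:
            parts.append(str(lo))              # octet fixed by the prefix
        elif (lo, hi) == (0, 255):
            parts.append("[0-9]{1,3}")         # whole octet is host bits
        else:
            # prefix ends inside this octet: list each allowed value
            parts.append("(" + "|".join(map(str, range(lo, hi + 1))) + ")")
    # "\." is a literal dot; ^ and $ prevent prefix/suffix over-matching
    return "^" + r"\.".join(parts) + "$"

def matches(pattern, nas_ip):
    return re.search(pattern, nas_ip) is not None

# Constructed values, not taken from the thread
NAIVE = "10.1.2."                  # unescaped and unanchored
FIREWALL_NET = "10.1.2.0/24"
SAMPLE_NAS_IPS = ["10.1.2.7", "10.1.20.7", "10.152.3.4", "110.1.2.9"]

def compare(cidr, addresses):
    """Return (ip, naive_hit, anchored_hit, really_in_subnet) per address."""
    pat, net = subnet_regex(cidr), ipaddress.IPv4Network(cidr)
    return [(ip, matches(NAIVE, ip), matches(pat, ip),
             ipaddress.IPv4Address(ip) in net) for ip in addresses]

if __name__ == "__main__":
    print(subnet_regex(FIREWALL_NET))
    for row in compare(FIREWALL_NET, SAMPLE_NAS_IPS):
        print(row)
```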