Strategy Advice
Stefan Winter
stefan.winter at restena.lu
Wed Apr 30 07:50:54 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
|> 1. Shell (telnet/ssh) access to network switches/routers/firewalls
|> on group membership - so that only members of the "Cisco_Admin" group
|> can log into switches and only members of the "wireless" group can
|> authenticate to the WAPs.
Don't know if this is an issue for you, but: Cisco equipment does not
support command authorization via RADIUS (*any* RADIUS...) [for pure
business greed reasons]. So if you really need per-command
authorization, you'll have to stick with TACACS+ which, sadly, is well
catered by ACS.
Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFIGAi++jm90f8eFWYRAnJvAJ9V2HwVoJu0Kfal4ykWqdlQNqBgyQCcC7kB
9of3qWSyWiui+xnFno+qk/E=
=mTSB
-----END PGP SIGNATURE-----
More information about the Freeradius-Users
mailing list