Strategy Advice

Stefan Winter stefan.winter at restena.lu
Wed Apr 30 07:50:54 CEST 2008


Hi,

|> 1.  Shell (telnet/ssh) access to network switches/routers/firewalls

|> on group membership - so that only members of the "Cisco_Admin" group
|> can log into switches and only members of the "wireless" group can
|> authenticate to the WAPs.

Don't know if this is an issue for you, but: Cisco equipment does not
support command authorization via RADIUS (*any* RADIUS...) [for pure
business greed reasons]. So if you really need per-command
authorization, you'll have to stick with TACACS+ which, sadly, is well
catered for by ACS.

Stefan



More information about the Freeradius-Users mailing list