Cisco and Enterasys not active access to Authenticated User
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Fri Mar 18 14:47:32 CET 2011
Hi,
> Hello everyone,
> I have a scenario that is configured to access active Linux, Cisco and
> Enterasys for when using Cisco VPN can not authenticate in assets. Only
> works when it is turned off Filter-ID == "Enterasys: version = 1: mgmt =
> rw ". Is there any way to configure and access the assets?
>
> Follow the example set :
>
> FreeRADIUS Version 2.0.4
>
> example_user  Auth-Type := LDAP
>               Service-Type = Shell-User,
>               Cisco-AVPair = "shell:priv-lvl=15",
>               Cisco-AVPair = "shell:cmd*",
>               Filter-ID == "Enterasys:version=1:mgmt=rw"

Easy way no. 1: create another users entry with a fall-through
allowed, which basically requires the Cisco kit as a NAS-IP-Address, e.g.

example_user  Auth-Type := LDAP, NAS-IP-Address == xxx.xxx.xxx.xxx
              Service-Type = Shell-User,
              Cisco-AVPair = "shell:priv-lvl=15",
              Cisco-AVPair = "shell:cmd*"

where xxx.xxx.xxx.xxx is the NAS-IP-Address of your Cisco kit.

If you want a basic easy way no. 2, then don't use NAS-IP-Address;
use a huntgroup and define your Cisco NAS kit in the huntgroups instead
(an easy way to have lots of IP addresses for those devices).

alan
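
The huntgroup approach from the reply above, written out as an added example (not part of the original post and not FreeRADIUS's shipped configuration). The huntgroup names and the 192.0.2.x / 198.51.100.x addresses are placeholders, and it assumes the preprocess module runs before files in the authorize section so that Huntgroup-Name is set.

```conf
# ---- raddb/huntgroups (read by the preprocess module) ----
# One line per NAS; several lines may share a huntgroup name.
# Addresses are placeholders from the documentation ranges.
cisco       NAS-IP-Address == 192.0.2.10
cisco       NAS-IP-Address == 192.0.2.11
enterasys   NAS-IP-Address == 198.51.100.20

# ---- raddb/users ----
# Cisco devices only: the Huntgroup-Name check item keeps the
# priv-lvl 15 shell attributes out of replies to any other NAS.
# "+=" is used for the second Cisco-AVPair because a reply item
# with "=" is only added when no attribute of that name is
# already in the reply.
example_user  Auth-Type := LDAP, Huntgroup-Name == "cisco"
              Service-Type = Shell-User,
              Cisco-AVPair = "shell:priv-lvl=15",
              Cisco-AVPair += "shell:cmd*",
              Fall-Through = Yes

# Enterasys devices only: the management Filter-Id is sent as a
# reply item with "=" ("==" is a check-item comparison operator).
example_user  Auth-Type := LDAP, Huntgroup-Name == "enterasys"
              Filter-Id = "Enterasys:version=1:mgmt=rw"
```

A request from a NAS that is in neither huntgroup matches neither entry, so it receives none of these management privileges.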