Cisco av-pair for NX-OS and IOS
Øystein Gyland
oystegy at usit.uio.no
Thu Feb 14 12:44:37 CET 2013
On Thu, 2013-02-07 at 23:51 -0500, Norman Zhang wrote:
> Hi,
>
> Using freeradius2-2.1.12. I need to setup read-write access for both
> Cisco NX-OS and IOS devices. I did the following,
>
> DEFAULT Group == operator-rw, Auth-Type = System
> Service-Type = NAS-Prompt-User,
> cisco-avpair := "shell:roles*\"network-admin vdc-admin
> priv-lvl=15\""
>
> I can log into both NX-OS and IOS devices; however, IOS devices only
> permits exec mode not the privileged exec (enable) mode. Not sure if
> I'm doing something wrong on the syntax. Can someone give me few
> pointers?
I guess you should not concatenate the IOS and NX-OS attributes to a
single combined attribute. Also, "priv-lvl=15" should be
"shell:priv-lvl=15" I believe.
This should work:
DEFAULT Group == operator-rw, Auth-Type = System
Cisco-AVPair+="shell:roles=network-admin vdc-admin",
Cisco-AVPair+="shell:priv-lvl=15",
Service-Type = NAS-Prompt-User
-Øystein
More information about the Freeradius-Users
mailing list