Freeradius + Cisco WLC + Authorisation
Sander Eerdekens
sander.eerdekens at uzleuven.be
Wed Jan 14 13:37:34 CET 2015
Hello,
> > What settings do I need to include in /etc/raddb/users to allow the
> > correct Authorisation level?
>
> ...
>
> we looked at using RADIUS but found that Cisco still have more bias towards TACACS+
> so we use that for multi-grained access control to the WCS system (different tasks
> available for different people on the web interface...not just a 'all admin' switch)
We actually use RADIUS for this. The Cisco-AVPairs we are using are:
Cisco-AVPair += "Wireless-WCS:virtual-domain0=root",
Cisco-AVPair += "Wireless-WCS:role0=Admin",
Cisco-AVPair += "Wireless-WCS:task0=Users and Groups",
Cisco-AVPair += "Wireless-WCS:task1=Audit Trails",
Cisco-AVPair += "Wireless-WCS:task2=TACACS+ Servers",
Cisco-AVPair += "Wireless-WCS:task3=RADIUS Servers",
Cisco-AVPair += "Wireless-WCS:task4=Logging",
Cisco-AVPair += "Wireless-WCS:task5=License Center",
Cisco-AVPair += "Wireless-WCS:task6=Scheduled Tasks and Data Collection",
Cisco-AVPair += "Wireless-WCS:task7=User Preferences",
Cisco-AVPair += "Wireless-WCS:task8=System Settings",
Cisco-AVPair += "Wireless-WCS:task9=View Alerts and Events",
Cisco-AVPair += "Wireless-WCS:task10=Email Notification",
Cisco-AVPair += "Wireless-WCS:task11=Delete and Clear Alerts",
Cisco-AVPair += "Wireless-WCS:task12=Pick and Unpick Alerts",
Cisco-AVPair += "Wireless-WCS:task13=Configure Controllers",
Cisco-AVPair += "Wireless-WCS:task14=Configure Templates",
Cisco-AVPair += "Wireless-WCS:task15=Configure Config Groups",
Cisco-AVPair += "Wireless-WCS:task16=Configure Access Points",
Cisco-AVPair += "Wireless-WCS:task17=Configure Access Point Templates",
Cisco-AVPair += "Wireless-WCS:task18=Configure Choke Points",
Cisco-AVPair += "Wireless-WCS:task19=Monitor Controllers",
Cisco-AVPair += "Wireless-WCS:task20=Monitor Access Points",
Cisco-AVPair += "Wireless-WCS:task21=Monitor Clients",
Cisco-AVPair += "Wireless-WCS:task22=Monitor Tags",
Cisco-AVPair += "Wireless-WCS:task23=Monitor Security",
Cisco-AVPair += "Wireless-WCS:task24=Monitor Chokepoints",
Cisco-AVPair += "Wireless-WCS:task25=Mesh Reports",
Cisco-AVPair += "Wireless-WCS:task26=Client Reports",
Cisco-AVPair += "Wireless-WCS:task27=Performance Reports",
Cisco-AVPair += "Wireless-WCS:task28=Security Reports",
Cisco-AVPair += "Wireless-WCS:task29=Location Server Management",
Cisco-AVPair += "Wireless-WCS:task30=View Location Notifications",
Cisco-AVPair += "Wireless-WCS:task31=Maps Read Only",
Cisco-AVPair += "Wireless-WCS:task32=Maps Read Write",
Cisco-AVPair += "Wireless-WCS:task33=Client Location",
Cisco-AVPair += "Wireless-WCS:task34=Rogue Location",
Cisco-AVPair += "Wireless-WCS:task35=Planning Mode",
Cisco-AVPair += "Wireless-WCS:task36=Ack and Unack Alerts",
Cisco-AVPair += "Wireless-WCS:task37=Migration Templates",
Cisco-AVPair += "Wireless-WCS:task38=Configure Spectrum Experts",
Cisco-AVPair += "Wireless-WCS:task39=Monitor Spectrum Experts",
Cisco-AVPair += "Wireless-WCS:task40=Auto Provisioning",
Cisco-AVPair += "Wireless-WCS:task41=Voice Audit Report",
Cisco-AVPair += "Wireless-WCS:task42=Virtual Domain Management",
Cisco-AVPair += "Wireless-WCS:task43=Scheduled Configuration Tasks",
Cisco-AVPair += "Wireless-WCS:task44=Configure WiFi TDOA Receivers",
Cisco-AVPair += "Wireless-WCS:task45=Configure ACS View Servers",
Cisco-AVPair += "Wireless-WCS:task46=Monitor WiFi TDOA Receivers",
Cisco-AVPair += "Wireless-WCS:task47=RRM Dashboard",
Cisco-AVPair += "Wireless-WCS:task48=Config Audit Dashboard",
Cisco-AVPair += "Wireless-WCS:task49=High Availability Configuration",
Cisco-AVPair += "Wireless-WCS:task50=Health Monitor Details",
Cisco-AVPair += "Wireless-WCS:task51=Configure WIPS Profiles",
Cisco-AVPair += "Wireless-WCS:task52=Global SSID Groups",
Cisco-AVPair += "Wireless-WCS:task53=Configure Lightweight Access Point Templates",
Cisco-AVPair += "Wireless-WCS:task54=Configure Autonomous Access Point Templates",
Cisco-AVPair += "Wireless-WCS:task55=Configure Ethernet Switch Ports",
Cisco-AVPair += "Wireless-WCS:task56=Configure Ethernet Switches",
Cisco-AVPair += "Wireless-WCS:task57=Device Reports",
Cisco-AVPair += "Wireless-WCS:task58=Network Summary Reports",
Cisco-AVPair += "Wireless-WCS:task59=Compliance Reports",
Cisco-AVPair += "Wireless-WCS:task60=Report Launch Pad",
Cisco-AVPair += "Wireless-WCS:task61=Run Reports List",
Cisco-AVPair += "Wireless-WCS:task62=Saved Reports List",
Cisco-AVPair += "Wireless-WCS:task63=Report Run History",
Cisco-AVPair += "Wireless-WCS:task64=Ack and Unack Security Index Issues",
Cisco-AVPair += "Wireless-WCS:task65=View Security Index Issues",
Cisco-AVPair += "Wireless-WCS:task66=Monitor Media Streams",
Cisco-AVPair += "Wireless-WCS:task67=Monitor Interferers",
Cisco-AVPair += "Wireless-WCS:task68=Voice Diagnostics",
Cisco-AVPair += "Wireless-WCS:task69=CleanAir Reports",
Cisco-AVPair += "Wireless-WCS:task70=ContextAware Reports",
Cisco-AVPair += "Wireless-WCS:task71=Automated Feedback",
Cisco-AVPair += "Wireless-WCS:task72=TAC Case Attachment Tool",
The role can be Admin or System Monitoring.
Not sure where this came from as a colleague of mine wrote this config.
Kind regards
Sander Eerdekens
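
Added example, not part of the original message or of anyone's production config: a small Python helper that renders a reduced-privilege /etc/raddb/users entry from a subset of the task names listed above and lints an entry against an approved task list before it is deployed. The user name, the placeholder password, the choice of monitoring tasks and the contiguous task numbering check are assumptions made for illustration.

```python
import re

ROLES = {"Admin", "System Monitoring"}   # the two roles named in the post
AVPAIR = re.compile(r'^\s+Cisco-AVPair \+= "Wireless-WCS:([a-z-]+)(\d+)=([^"]+)"(,?)\s*$')

def render_entry(user, check_item, role, tasks, domain="root"):
    """Build a users-file entry that grants only the listed WCS tasks."""
    if role not in ROLES:
        raise ValueError(f"unknown role: {role!r}")
    if len(set(tasks)) != len(tasks):
        raise ValueError("duplicate task name")
    pairs = [f"virtual-domain0={domain}", f"role0={role}"]
    pairs += [f"task{i}={name}" for i, name in enumerate(tasks)]
    lines = [f'\tCisco-AVPair += "Wireless-WCS:{p}"' for p in pairs]
    # Reply items are comma-separated; the last one takes no comma.
    return f"{user} {check_item}\n" + ",\n".join(lines) + "\n"

def lint_entry(text, approved_tasks):
    """Return the problems found in the reply items of one entry."""
    problems, indices = [], []
    reply = [l for l in text.splitlines()[1:] if l.strip()]
    for n, line in enumerate(reply):
        m = AVPAIR.match(line)
        if not m:
            problems.append(f"unparsed: {line.strip()}")
            continue
        key, idx, value, comma = m[1], int(m[2]), m[3], m[4]
        if bool(comma) == (n == len(reply) - 1):
            problems.append(f"comma placement: {key}{idx}")
        if key == "role" and value not in ROLES:
            problems.append(f"unknown role: {value}")
        if key == "task":
            indices.append(idx)
            if value not in approved_tasks:
                problems.append(f"unapproved task: {value}")
    # Assumption: indices run 0..n-1 without gaps, as in the post's list.
    if sorted(indices) != list(range(len(indices))):
        problems.append("task indices not contiguous from 0")
    return problems

# Constructed sample: a monitoring-only operator (name and password are placeholders).
MONITOR_TASKS = ["Monitor Controllers", "Monitor Access Points", "Monitor Clients",
                 "View Alerts and Events"]
ENTRY = render_entry("wcs-monitor", 'Cleartext-Password := "CHANGE-ME"',
                     "System Monitoring", MONITOR_TASKS)

if __name__ == "__main__":
    print(ENTRY, end="")
    print(lint_entry(ENTRY, set(MONITOR_TASKS)) or "entry OK")
```

Running the lint over every entry in review catches a task that was added outside the approved list, which is the usual way an "all tasks" block like the one above ends up attached to an account that only needed read access.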