Enterasys switches - radius authentication - management-access

 

  • Assumptions

The RADIUS servers are already configured, with users divided into groups. The Filter-Id for read-only access is shown below:

enterasys-ro.jpg

 

For super users (SU) the Filter-Id should look like the one below:


enterasys-su.jpg


  • Set radius servers

(su)->set radius server 1 1.1.1.1 1645 xxxxxxxx

(su)->set radius server 2 2.2.2.2 1645 xxxxxxxx

1645 is the UDP port; xxxxxxxx is the pre-shared key.

  • Set the function of the RADIUS servers (management-access, network-access or any).

set radius realm management-access all

If you also have "dot1x" RADIUS servers, the commands should be:

set radius realm management-access 1

set radius realm management-access 2

  • Set the source interface for RADIUS messages (new firmware only), e.g.

set radius interface vlan 1

  • Enable RADIUS authentication globally.

set radius enable

  • Check the user authentication method.

show authentication login


auth_login.jpg

 

If your settings are "local" or "tacacs", change them to "any":

set authentication login any

With the "any" method the order will be the following: radius, local.

  • Check the RADIUS configuration before logging out.

show radius


radius_set.jpg

  • Save configuration!
 
dzbanek 2012-10-13
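The steps above can be checked offline before they are typed into the switch. The following is an added example, not part of the original page or any Enterasys tooling: it reads a planned command list written in the syntax used on this page and reports which step is missing or mistyped. The function name `audit` and both sample command lists are constructed for illustration.

```python
PROMPT = "(su)->"
MGMT_REALMS = {"management-access", "any"}  # realms the page lists that cover switch login

# Constructed sample: the page's own commands, complete.
GOOD = """\
(su)->set radius server 1 1.1.1.1 1645 xxxxxxxx
(su)->set radius server 2 2.2.2.2 1645 xxxxxxxx
set radius realm management-access all
set radius enable
set authentication login any
"""
# Constructed sample: misspelled realm, no global enable, login left on "local".
BAD = """\
set radius server 1 1.1.1.1 1645 xxxxxxxx
set radius server 2 2.2.2.2 1645 xxxxxxxx
set radius realm management-access 1
set radius realm mangement-access 2
set authentication login local
"""

def audit(commands: str) -> list[str]:
    """Check a block of 'set ...' lines against the steps this page walks through."""
    servers, realms, enabled, login = {}, {}, False, None
    for raw in commands.splitlines():
        tok = raw.strip().removeprefix(PROMPT).split()
        if tok[:3] == ["set", "radius", "server"] and len(tok) == 7:
            servers[tok[3]] = tok[5]            # index -> UDP port (the key is never stored)
        elif tok[:3] == ["set", "radius", "realm"] and len(tok) == 5:
            realms[tok[4]] = tok[3]             # server index or "all" -> realm
        elif tok == ["set", "radius", "enable"]:
            enabled = True
        elif tok[:3] == ["set", "authentication", "login"] and len(tok) == 4:
            login = tok[3]
    findings = []
    if not servers:
        findings.append("no radius server defined")
    for idx, port in sorted(servers.items()):
        if not (port.isdigit() and 0 < int(port) < 65536):
            findings.append(f"server {idx}: invalid UDP port {port}")
        realm = realms.get(idx, realms.get("all"))
        if realm not in MGMT_REALMS:
            findings.append(f"server {idx}: realm is {realm}, not usable for management login")
    if not enabled:
        findings.append("radius is not enabled globally")
    if login != "any":
        findings.append(f"login method is {login}, expected any")
    return findings
```

An empty result means every step from the page is present; the check does not replace `show radius` on the switch itself.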
