I have setup CSACS to authenticate router & switches, and wireless client authentication.
In CSACS v2.6, there is a option to restrict user to certain NAS IP address. Using this feature, on Cisco router, I am able to setup RADIUS authentication that restrict only administrator account to do a VTY telnet. However, it does not seem to work for Cat6000 series switches. Any account such as user wireless account will enter the switch exec command once the username and password is correct. Is there any additional config to run ? Pls advise.
The other issue is does Cat2900/3500XL series support RADIUS authentication? I cant find any documentation although under aaa new-model radius is one of the option.