Cisco Support Community
New Member

Per-device/per-user AAA authorization with Freeradius

Hi Folks

I'm using Freeradius with a local username database (no LDAP) for authentication (working well).

I have various network devices in my network, and I would like to have custom authorization per user per device :

I would like to have 2 types of network admins, and 2 types of network devices, with the following rules :

-"Core devices" must be granted privilege level 15 for "Core admins"

-"Access devices" must be granted privilege level 15 for "Access admins" and "Core admins"

-"Core devices" must be granted privilege level 1 for "Access admins".

-There is no way "Access admins" can access configuration mode on "Core devices" with the enable command.

Any help and config examples for the Freeradius and Cisco sides are very welcome.

thanks

olivier

2 REPLIES
Cisco Employee

Per-device/per-user AAA authorization with Freeradius

Hello Olivier,

I would like to suggest that you go to the link below. This document describes the procedure for per-device user authentication.

http://wiki.freeradius.org/vendor/Cisco#Per-User-Privilege-Level

Hope this may help you

New Member

Per-device/per-user AAA authorization with Freeradius

Hi Ravi

Thanks for the URL; however, this document does not indicate how to authorize per device AND per user.

have fun

olivier
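
An added example, not part of the thread or of the linked wiki page: one way to express the four rules from the question with FreeRADIUS huntgroups and the local users file, assuming FreeRADIUS 3.x file locations. The usernames, device addresses (documentation range) and passwords are constructed placeholders.

```conf
# ---- raddb/mods-config/preprocess/huntgroups ----
# Group the NAS devices by source address (constructed addresses).
# The preprocess module sets Huntgroup-Name from this file.
core     NAS-IP-Address == 192.0.2.1
core     NAS-IP-Address == 192.0.2.2
access   NAS-IP-Address == 192.0.2.65
access   NAS-IP-Address == 192.0.2.66

# ---- raddb/mods-config/files/authorize (the "users" file) ----
# Entries are matched top to bottom; the first match wins because
# no entry sets Fall-Through.

# Core admin (hypothetical user): level 15 on core and access devices.
# Two entries rather than one unrestricted entry, so a NAS that is in
# neither huntgroup gets no match and the login is rejected.
coreadmin1    Cleartext-Password := "CHANGE_ME", Huntgroup-Name == "core"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=15"

coreadmin1    Cleartext-Password := "CHANGE_ME", Huntgroup-Name == "access"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=15"

# Access admin (hypothetical user): level 15 on access devices only.
accessadmin1  Cleartext-Password := "CHANGE_ME", Huntgroup-Name == "access"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=15"

# Same access admin on a core device: level 1 only.
accessadmin1  Cleartext-Password := "CHANGE_ME", Huntgroup-Name == "core"
              Service-Type = NAS-Prompt-User,
              Cisco-AVPair = "shell:priv-lvl=1"
```

IOS applies the returned level only when exec authorization is sent to RADIUS (for example `aaa authorization exec default group radius local`). The fragment does not by itself cover the `enable` requirement, which depends on how enable authentication is configured on the core devices.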
