Enterasys switches - radius authentication - management-access

Radius servers configured divided into users groups.Below filter-id for read only access:






For super users(SU) filter-id should be like below:








  • Set radius servers


(su)->set radius server 1 1645 xxxxxxxx


(su)->set radius server 2 1645 xxxxxxxx


1645 is udp port , xxxxx is pre-shared key.


  • Set function of radius servers( management-access,network-access or any).


set radius realm management-access all


If you have also "dot1x" radius servers commands should be:


set radius realm maangement-access 1


set radius realm maangement-access 2


  • Set source interface for radius messages(new firmware only),e.g.


set radius interface vlan 1


  • Enable radius authentication globally.


set radius enable


  • Check users authentication method.


show authentication login







If your settings are "local" or "tacacs" change it to any:.


set authentication login any


In "any" method order will be the following:radius,local.


  • Check radius configuration before logout.


show radius





  • Save configuration!


Fonte: http://www.danpol.net/index.php/enterasys/switches/radius-authentication-management-accesssu/