Enterasys switches - radius authentication - management-access

On the RADIUS servers, users are divided into groups. Below is the filter-id for read-only access:

 

enterasys-ro.jpg

 

 

 

For super users (SU), the filter-id should look like this:

 

 

 

enterasys-su.jpg

 

 

 

  • Set radius servers

 

(su)->set radius server 1 1.1.1.1 1645 xxxxxxxx

 

(su)->set radius server 2 2.2.2.2 1645 xxxxxxxx

 

1645 is the UDP port and xxxxxxxx is the pre-shared key.

 

  • Set the function of the RADIUS servers (management-access, network-access or any).

 

set radius realm management-access all

 

If you also have "dot1x" RADIUS servers, the commands should be:

 

set radius realm management-access 1

 

set radius realm management-access 2

 

  • Set the source interface for RADIUS messages (new firmware only), e.g.

 

set radius interface vlan 1

 

  • Enable radius authentication globally.

 

set radius enable

 

  • Check the user authentication method.

 

show authentication login

 

 

auth_login.jpg

 

 

 

If your setting is "local" or "tacacs", change it to "any":

 

set authentication login any

 

With "any", the method order is: radius, local.

 

  • Check the RADIUS configuration before logging out.

 

show radius

 

 

radius_set.jpg

 

  • Save configuration!
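
A pre-logout sanity check for the steps above, as an added example (not from the original page): a small Python linter, with the hypothetical name lint_radius_plan, that reads a planned command list and reports mistakes such as a mistyped realm name or a login method that bypasses RADIUS. It assumes only the command forms shown on this page; the sample plans are constructed.

```python
import re

REALMS = {"management-access", "network-access", "any"}  # realm names from this page

def lint_radius_plan(text):
    """Check a planned command list (constructed input) for lockout-prone mistakes."""
    servers, mgmt, problems = set(), set(), []
    enabled, login = False, None
    for raw in text.splitlines():
        line = re.sub(r"^\s*\S*->", "", raw).strip()  # drop a pasted "(su)->" prompt
        tok = line.split()
        if tok[:3] == ["set", "radius", "server"] and len(tok) == 7:
            servers.add(tok[3])
        elif tok[:3] == ["set", "radius", "realm"] and len(tok) == 5:
            if tok[3] not in REALMS:
                problems.append(f"unknown realm {tok[3]!r}")
            elif tok[3] in ("management-access", "any"):
                mgmt.add(tok[4])  # a server index, or "all"
        elif tok == ["set", "radius", "enable"]:
            enabled = True
        elif tok[:3] == ["set", "authentication", "login"] and len(tok) == 4:
            login = tok[3]
    if not servers:
        problems.append("no radius server defined")
    if "all" not in mgmt:
        for idx in sorted(servers - mgmt):
            problems.append(f"server {idx} not in management-access realm")
    for idx in sorted(mgmt - servers - {"all"}):
        problems.append(f"realm refers to undefined server {idx}")
    if not enabled:
        problems.append("radius not enabled globally")
    if login in ("local", "tacacs"):
        problems.append(f"login method {login!r} will not use radius")
    return problems

# Constructed sample plans; addresses and key are the page's placeholders.
GOOD_PLAN = """\
(su)->set radius server 1 1.1.1.1 1645 xxxxxxxx
(su)->set radius server 2 2.2.2.2 1645 xxxxxxxx
set radius realm management-access all
set radius enable
set authentication login any
"""
BAD_PLAN = """\
set radius server 1 1.1.1.1 1645 xxxxxxxx
set radius realm maangement-access 1
set authentication login local
"""

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, lint_radius_plan(plan) or "OK")
```

The linter only inspects the commands you intend to enter; the switch's own "show radius" and "show authentication login" output remains the final check before saving.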

 

Source: http://www.danpol.net/index.php/enterasys/switches/radius-authentication-management-accesssu/