There's actually a discussion about this in the archives for this mailing list.
The first post is here: http://onlinestudylist.com/archives/ccie_security/2011-August/027744.htm l Also the rest of the posts on the topic (CLI VIEWs and RADIUS) are found here: http://onlinestudylist.com/archives/ccie_security/2011-August/thread.htm l#27744 From: Jimmy Larsson [mailto:[email protected]] Sent: den 17 februari 2013 20:42 To: Patrick Ogenstad Cc: OSL Security Subject: Re: [OSL | CCIE_Security] Exec access with radius authz? Sounds great. Any reference url on how to implement that radius attribute? /J 2013/2/17 Patrick Ogenstad <[email protected]> Hello, If you are using IOS you can use a parser-view. If you setup a view on the router you can configure the RADIUS server to point to that view for a specific user. Best regards Patrick http://networklore.com From: [email protected] [mailto:[email protected]] On Behalf Of Jimmy Larsson Sent: den 17 februari 2013 20:16 To: OSL Security Subject: [OSL | CCIE_Security] Exec access with radius authz? Hello! If I do radius authenticated cli access I can send priv-lvl as a radius attribute when authenticating the user. Are there other radius-attributes that can be used to differentiate CLI access? With radius you can of course not do per command authorization like with Tacacs+ can. But are there anything else to send to the device from the radius-server? Autocommand? Anything else? Thanks in advance! /Jimmy -- ------- Jimmy Larsson http://nat0.net ------- -- ------- Jimmy Larsson http://nat0.net -------
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
