Re: FreeRadius and Nortel

Shawn Adams Tue, 04 Mar 2003 12:19:57 -0800

Stevo,

Yes, it works.


The router I happen to have used is running 14.20 code.
I would use at least this code, modern, stable, and has mopst of the
features. Radius Will work on all hardware platforms.


The dictionary entries:
---------------------------------------------------
Attributes used with multi user access

ATTRIBUTE Bay-User-Level Bay-VSA (100, integer) R

VALUE Bay-User-Level Manager 2

VALUE Bay-User-Level User 4

VALUE Bay-User-Level Operator 8
----------------------------------------------------
the users.conf entries:

(note this person is level 2 - "Manager")
admin    Auth-Type = System
         Annex-User-Level = 2,
         Annex-Audit-Level = 2,
         Service-Type = Framed-User,
         Fall-Through = 1

(note this person is level 4 - "user")
nortel   Auth-Type = System
         Annex-User-Level = 4,
         Annex-Audit-Level = 4,
         Service-Type = Framed-User,
         Fall-Through = 1

user for Baystack 450: (any user defined on the UNIX box can access)

DEFAULT Auth-Type := System
        Service-Type = Administrative-User,
        Fall-Through = 1


/etc/raddb/clients.conf entry:

client 192.168.17.249 {
        secret          = bay
        shortname       = rtr_an1
        vendor-id       = 1584
        nastype         = other
}
for Baystack 450:
client 192.168.17.247 {
        secret          = bay
        shortname       = bs450_1
        nastype         = other

}

The router - you can configure with Site Manager, or, BCC. Here is the
BCC parameters:

access
      radius-server-accounts enabled

radius
    radius-client slot 1 address 192.168.17.249
        authentication enabled
back
    radius-server address 192.168.17.2
    accounting-server-type primary
    accounting-udp-port 1813
    authentication-server-type primary
    authentication-udp-port 1812
    primary-server-secret XXX
back

One critical thing to note about nortel routers and switches - the
router needs the Annex-User-Level parameter, the switch products need
Service-Type = Administrative-User.

Let me know if you need additional info.


best regards



On Thu, 2003-02-27 at 20:57, Stevo wrote:
> This is my day for questions...  has anyone been able to get
> FreeRadius to work on a Nortel router??  I have a Nortel ASN, ARN and
> AN that I'd like to use radius on.
>  
> I'll take any help you guys can give!!
>  
> Thanks
>  
> --Stevo
>  
-- 
Shawn Adams
[EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius and Nortel

Reply via email to