Matt Ashfield wrote:
> HI,
> I have a network switch that I'm trying to configure to allow Console port
> authentication via RADIUS.
> In the documentation of the switch it says:
> "To provide each user with appropriate levels of access to the switch, set
> the following username attributes on your RADIUS server:
> - R/W access -- Set the Service-Type field value to Administrative
> - Read-Only -- set the Service-Type field value to NAS-Prompt"
> So, in my users file, I have defined a user:
> "testuser"  NAS-IP-Address == "", Cleartext-Password :=
> "testing", Service-Type =="Administrative-User"

  Which matches if there's a request for administrative user.  You also
have to acknowledge that request in the response, otherwise the NAS will
not let the administrator in:

"testuser"  NAS-IP-Address == "", Cleartext-Password :=
 "testing", Service-Type =="Administrative-User"
        Service-Type := "Administrative-User"

> However, when I run a packet capture, I see that no Radius attributes are
> being passed back to the NAS device. Shouldn't I be seeing the
> Administrative-User attribute?

  If you don't tell the server to send it back, no.

  Alan DeKok.
--       - The web site of the book - The blog
List info/subscribe/unsubscribe? See

Reply via email to