Hi, I use PF for the NAC part and for the cli of the switches I use a separate freeradius server. But in the freeradius and also in de PF setup with an radius filter you can add: Cisco-AVPair = "shell:roles=network-admin vdc-admin"
With this in mind you can take a look at: https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html for roles and cmd’s Good luck! [http://www.dezb.nl/content/dam/zeeland/zeeuwse/bestanden/logo-zb-email.jpg] [cid:image007.png@01D8E39A.65A41330] Martijn Langendoen netwerkbeheerder mlangend...@dezb.nl<mailto:mlangend...@dezb.nl> [cid:image007.png@01D8E39A.65A41330] 0118 654307 [http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/facebook.jpg]<https://www.facebook.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/twitter.jpg]<https://www.twitter.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/linkedin.jpg]<https://www.linkedin.com/company/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/instagram.jpg]<https://www.instagram.com/dezbnl>/dezbnl www.dezb.nl<http://www.dezb.nl/> [cid:image007.png@01D8E39A.65A41330] Kousteensedijk 7 4331 JE Middelburg Postbus 8004 4330 EA Middelburg Van: DeSantos, Matthew via PacketFence-users <packetfence-users@lists.sourceforge.net> Verzonden: 18 October 2022 17:41 Aan: packetfence-users@lists.sourceforge.net CC: DeSantos, Matthew <mdesan...@jordans.com> Onderwerp: Re: [PacketFence-users] Role-Based CLI Access I’m also interested in this setup. Does anyone have a working example? From: Mr.Pine via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> Sent: Saturday, October 15, 2022 1:48 AM To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Mr.Pine <pine5...@gmail.com<mailto:pine5...@gmail.com>> Subject: [PacketFence-users] Role-Based CLI Access CAUTION: This email originated from outside of Jordan's. Hi, I want to know if pf can manage Role-Based CLI Access for cisco switch. for example define what commands are accepted and what configuration information is visible for users Any ideas?!
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
