Options
MS Radius server for mixes IOS (IOS-XR, IOS-XE, NX-OS, IOS)
saddayz
Member Posts: 29 ■□□□□□□□□□
Hello,
Have the situation where i should deploy a dual (active/standby) Radius servers using MS Windows and Active Directory. The main problem is that it should work for 3 or even 4 types of cisco firmware versions - NX-OS, IOS-XR, IOS-XE and maybe simple IOS. In Radius server config there are 2 attributes configured VSA and Standard (Service Type). I made a little research and saw that Standard attribute could be left empty and everything works fine. The main conern is about VSA attribute. As i digged through manuals - IOS-XR, IOS-XE and IOS understands "shell:priv-lvl=15" context; and the NX-OS understands this: "shell:roles=network-admin". So im thinking to putting these different VSA attributes under one policy and every time the user authenticates the cisco device would get both types and acts by the one it understands. Or it's better to create a separate radius server policies for each different VSA types ? Main goal is to have two types of user categories: All access and Read only. Maybe oyu have some recommendations? Thanks
Have the situation where i should deploy a dual (active/standby) Radius servers using MS Windows and Active Directory. The main problem is that it should work for 3 or even 4 types of cisco firmware versions - NX-OS, IOS-XR, IOS-XE and maybe simple IOS. In Radius server config there are 2 attributes configured VSA and Standard (Service Type). I made a little research and saw that Standard attribute could be left empty and everything works fine. The main conern is about VSA attribute. As i digged through manuals - IOS-XR, IOS-XE and IOS understands "shell:priv-lvl=15" context; and the NX-OS understands this: "shell:roles=network-admin". So im thinking to putting these different VSA attributes under one policy and every time the user authenticates the cisco device would get both types and acts by the one it understands. Or it's better to create a separate radius server policies for each different VSA types ? Main goal is to have two types of user categories: All access and Read only. Maybe oyu have some recommendations? Thanks