I am attempting to configure RADIUS authentication for switch access as well as port security, but I have encountered a security issue which has me stuck.
RADIUS authentication is working fine, and I am able to connect to the switch using the RADIUS server authorized group; but since I am also configuring 802.1x, I am able to log in with any MAC address that is authorized to connect to the network via the switch via the Web-GUI. I am able to connect via PuTTY with any username, but the "Enable" password is restricted to the username supplied in the RADIUS configuration username.
I have two groups, one with the Switch/Network admin users and one containing the MAC addresses; and two security policies, the first one only containing the AD group with network admin and the second containing two conditions: MAC-Address Group and NAS Port Type Ethernet.
How can I allow only the Network Admins to log in via SSH/web and deny all other groups?