Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Contributor

Switch RADIUS server Authentication

Hello all,

I am attempting to configure RADIUS Authentication for switch access as well as port security, but I have encounter a security issue which have me stuck.

RADIUS authentication is working fine, I am able to connect to the switch using the RADIUS server authorized group; but since am also configuring 802.1x I am able to login with any mac-address that is authorize to connect to the network via the switch via the Web-GUI. I am able to connect via putty with any username, but the "Enable" password is restricted to the username supply in the RADIUS configuration username.

I have two groups, one with the Switch/Network admin users and one containing the Mac Addresses; two security policies, the first-one only containing the AD group with network admin and the second containing two conditions Mac-Address Group and NAS Port Type Ethernet.

How can I allow only the Network Admins to login via ssh/web and deny all other group?

0 Kudos