I am returning the following attribute values:
VSA-39: 00000000
VSA-40: 00000000
VSA-41: FFFDFFEF
VSA-42: 00000DF3
Radius management authentication for 6600, 7800, 9700 switches
This works on 9700, 7800, 6602 and 6850.
By "works" I mean I can log on to the switch and do a "write memory"; I don't have a lab setup so I cannot test further than this. Earlier, when the attributes were set like in the documentation, I could not even run "show" commands on the 9700 switch, and could not log on to the 6850 at all.
I calculated the values using the family bitmap calculator available in GUI of the 9700 (as suggested here). The values are for full write privilege.
hello
I try with your vsa with 6850 switch
I get the same right in the who command as with Alcatel Doc VSA
ls is not working on my switch
what is strange is that I configure in GUI full rw and I don't get the same hex output as you get
Session number = 31
User name = rad,
Access type = telnet,
Access port = NI,
IP address = 10.172.100.121,
Read-only domains = Services ,
Read-only families = ntp dshell config chassis rip ospf vlan bridge qos ripng ospfv3 licensing dhcp-server ,
Read-Write domains = Services ,
Read-Write families = ssh scp-sftp debug snmp rmon module port-mapping health bgp ipx ipmr stp linkaggregation ip-helper qos ripng ospfv3 licensing dhcp-server ,
End-User profile =
there is something strange in that story
A case is open for that
I will keep you updated
Cedric
I tried just now to make sure. I have no trouble showing IP interface, ls, who, changing VLAN port, ... I have AOS 6.3.4.378.R01 GA running.
When I go to the web GUI of the 6850 and use the family bitmap calculator there, it gives
R1: 00000000
R2: 00000000
W1: 0000007F
W2: 00010000
Maybe you can try with these?
Hello
I have the solution to my issue:
As I declare the value Alcatel-Lucent-Asa-Access as a string in my radius, normally it should be hexa but that choice is not available in my radius.
So instead of sending back the value "all", I send the value in hexa 616C6C00
ascii all = hexa 616C6C00
output
802.1X-> who
Session number = 0
User name = (at login),
Access type = console,
Access port = NS,
IP address = 0.0.0.0,
Read-only domains = None,
Read-only families = ,
Read-Write domains = None,
Read-Write families = ,
End-User profile =
Session number = 34
User name = admin,
Access type = ssh,
Access port = NI,
IP address = 10.172.100.128,
Read-only domains = None,
Read-only families = ,
Read-Write domains = All ,
Read-Write families = ,
End-User profile =
802.1X-> ls
Listing Directory /flash:
drw 1024 Aug 5 12:19 certified/
-rw 317 Aug 5 12:19 boot.params
-rw 64000 Aug 9 17:42 swlog1.log
-rw 64000 Jul 14 17:35 swlog2.log
drw 1024 May 31 14:57 switch/
-rw 11 Jan 2 2008 boot.slot.cfg
-rw 239 Jul 8 16:54 boot.cfg.1.err
drw 1024 Oct 21 2009 network/
-rw 50 Jun 25 15:44 port
-rw 20 May 31 14:57 installed
drw 1024 Aug 5 12:19 working/
3301376 bytes free
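Added example (not part of any post in this thread): Python that compares the two sets of bitmap values quoted above bit by bit, which is the check to run before returning one profile to several switch models, and reproduces the NUL-terminated hex form of "all". It assumes VSA-39 to VSA-42 correspond to R1, R2, W1, W2 in that order and numbers bits from the least significant; the thread gives no bit-to-family mapping, so none is used.

```python
import string

# Values quoted in the thread. Mapping VSA-39..42 to R1, R2, W1, W2 is an assumption.
FROM_9700_CALC = {"R1": "00000000", "R2": "00000000", "W1": "FFFDFFEF", "W2": "00000DF3"}
FROM_6850_CALC = {"R1": "00000000", "R2": "00000000", "W1": "0000007F", "W2": "00010000"}


def parse_bitmap(hex_word):
    """Parse one 32-bit privilege word written as exactly 8 hex digits."""
    if len(hex_word) != 8 or any(c not in string.hexdigits for c in hex_word):
        raise ValueError("expected 8 hex digits, got %r" % hex_word)
    return int(hex_word, 16)


def set_bits(word):
    """Return the positions of the set bits (bit 0 = least significant, assumed)."""
    return [bit for bit in range(32) if (word >> bit) & 1]


def diff_profiles(a, b):
    """For each word, list the bits granted only by profile a and only by profile b."""
    result = {}
    for name in sorted(set(a) | set(b)):
        word_a = parse_bitmap(a.get(name, "00000000"))
        word_b = parse_bitmap(b.get(name, "00000000"))
        result[name] = {
            "only_a": set_bits(word_a & ~word_b),
            "only_b": set_bits(word_b & ~word_a),
        }
    return result


def string_vsa_as_hex(value):
    """Hex form of an ASCII string value followed by a NUL byte, as sent in the last post."""
    return (value.encode("ascii") + b"\x00").hex().upper()


if __name__ == "__main__":
    for name, delta in diff_profiles(FROM_9700_CALC, FROM_6850_CALC).items():
        print(name, "only in 9700 values:", delta["only_a"],
              "only in 6850 values:", delta["only_b"])
    print('"all" as hex:', string_vsa_as_hex("all"))
```

The two "full write" results are not subsets of one another, so a single set of bitmaps returned to every model grants a different set of bits than each model's own calculator would.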