0 Replies Latest reply on May 5, 2018 2:21 PM by speedy

    Switch RADIUS server Authentication

    speedy New Member

      Hello all,

       

      I am attempting to configure RADIUS Authentication for switch access as well as port security, but I have encounter a security issue which have me stuck.

      RADIUS authentication is working fine, I am able to connect to the switch using the RADIUS server authorized group; but since am also configuring 802.1x I am able to login with any mac-address that is authorize to connect to the network via the switch via the Web-GUI. I am able to connect via putty with any username, but the "Enable" password is restricted to the username supply in the RADIUS configuration username.

       

      I have two groups, one with the Switch/Network admin users and one containing the Mac Addresses; two security policies, the first-one only containing the AD group with network admin and the second containing two conditions Mac-Address Group and NAS Port Type Ethernet.

       

      How can I allow only the Network Admins to login via ssh/web and deny all other group?