Wireless

Reply
Occasional Contributor
sbartley_1
Posts: 6
Registered: ‎03-14-2012

7131 Adminitrator access with RADIUS

Has anyone configured admin access to an external RADIUS server for a 7131? I have it ...sort of... working. I can log on with my RADIUS user, but they cannot type "enable". Does anyone know the vendor code, VSA's, and their values that apply to the 7131? I tried the same settings I use for ethernet swtiches, but all I get is limited access.


Thanks,

Occasional Contributor
williamsmj7
Posts: 7
Registered: ‎01-05-2011

Re: 7131 Adminitrator access with RADIUS

Sorry if you've had to discover this yourself but I've only just seen your old post. From the freeradius dictionary we use Foundry-Privilege-Level := 32768 to grant administrator access. I believe you can also use the motorola symbol attributes to set administrative access. Sadly I cannot remember which guide I've seen these in, if I remember I'll add it to the post.

Extract from freeradius dictionary for reference for actual codes :-

# -*- text -*-

#

#  dictionary.foundry

#

#       As posted to the list by Thomas Keitel <tkeitel@arc.nasa.gov>

#

# Version:      $Id$

#

VENDOR          Foundry                         1991

BEGIN-VENDOR    Foundry

ATTRIBUTE       Foundry-Privilege-Level                 1       integer

ATTRIBUTE       Foundry-Command-String                  2       string

ATTRIBUTE       Foundry-Command-Exception-Flag          3       integer

ATTRIBUTE       Foundry-INM-Privilege                   4       integer

ATTRIBUTE       Foundry-Access-List                     5       string

ATTRIBUTE       Foundry-MAC-Authent-needs-802.1x        6       integer

ATTRIBUTE       Foundry-802.1x-Valid-Lookup             7       integer

ATTRIBUTE       Foundry-MAC-Based-Vlan-QoS              8       integer

ATTRIBUTE       Foundry-INM-Role-Aor-List               9       string

VALUE   Foundry-INM-Privilege           AAA_pri_0               0

VALUE   Foundry-INM-Privilege           AAA_pri_1               1

VALUE   Foundry-INM-Privilege           AAA_pri_2               2

VALUE   Foundry-INM-Privilege           AAA_pri_3               3

VALUE   Foundry-INM-Privilege           AAA_pri_4               4

VALUE   Foundry-INM-Privilege           AAA_pri_5               5

VALUE   Foundry-INM-Privilege           AAA_pri_6               6

VALUE   Foundry-INM-Privilege           AAA_pri_7               7

VALUE   Foundry-INM-Privilege           AAA_pri_8               8

VALUE   Foundry-INM-Privilege           AAA_pri_9               9

VALUE   Foundry-INM-Privilege           AAA_pri_10              10

VALUE   Foundry-INM-Privilege           AAA_pri_11              11

VALUE   Foundry-INM-Privilege           AAA_pri_12              12

VALUE   Foundry-INM-Privilege           AAA_pri_13              13

VALUE   Foundry-INM-Privilege           AAA_pri_14              14

VALUE   Foundry-INM-Privilege           AAA_pri_15              15

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_0          0

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_1          1

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_2          2

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_3          3

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_4          4

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_5          5

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_6          6

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_7          7

END-VENDOR      Foundry

Occasional Contributor
williamsmj7
Posts: 7
Registered: ‎01-05-2011

Re: 7131 Adminitrator access with RADIUS

Also a list of the roles that the controller accept are in the file dictionary.symbol. As mentioned I believe one of the customisations done by brocade was to allow these values to be received when  sent as foundry attributes.

# -*- text -*-

##############################################################################

#

#       Symbol VSAs

#

#       $Id$

#

##############################################################################

VENDOR          Symbol                          388

BEGIN-VENDOR    Symbol

ATTRIBUTE       Symbol-Admin-Role                       1       integer

VALUE   Symbol-Admin-Role               Monitor                 1

VALUE   Symbol-Admin-Role               Helpdesk                2

VALUE   Symbol-Admin-Role               NetworkAdmin            4

VALUE   Symbol-Admin-Role               SysAdmin                8

VALUE   Symbol-Admin-Role               WebAdmin                16

VALUE   Symbol-Admin-Role               SuperUser               32768

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.