08-17-2017 12:57 PM
I'm using a windows radius server for switch login authentication. I'm allowing our helpdesk to have port config (which works fine) however they can still disable the uplink ports which is a risk we can't take. I've tried to configure the foundry-command-exception-flag to not allow them to execute the disable command. I've attached screenshots of the setup for this.
08-21-2017 05:51 AM
I have never actually used Radius for command authorization but as far as I can tell you appear to have parameters configured correctly according to this http://www.brocade.com/content/html/en/configuration-guide/NI_05800a_SECURITY/GUID-908FB57D-58F9-4804-90DD-40D5F10DD242.html
I have previously successful used TACACS+ to implement command authorization and I know that this works OK and should give you the behaviour that you would like.
You also do not mention which type of hardware you are attempting to implement this on?