Mobility/Wireless

Reply
Occasional Contributor
Posts: 6
Registered: ‎03-14-2012

7131 Adminitrator access with RADIUS

Has anyone configured admin access to an external RADIUS server for a 7131? I have it ...sort of... working. I can log on with my RADIUS user, but they cannot type "enable". Does anyone know the vendor code, VSA's, and their values that apply to the 7131? I tried the same settings I use for ethernet swtiches, but all I get is limited access.


Thanks,

Occasional Contributor
Posts: 7
Registered: ‎01-05-2011

Re: 7131 Adminitrator access with RADIUS

Sorry if you've had to discover this yourself but I've only just seen your old post. From the freeradius dictionary we use Foundry-Privilege-Level := 32768 to grant administrator access. I believe you can also use the motorola symbol attributes to set administrative access. Sadly I cannot remember which guide I've seen these in, if I remember I'll add it to the post.

Extract from freeradius dictionary for reference for actual codes :-

# -*- text -*-

#

#  dictionary.foundry

#

#       As posted to the list by Thomas Keitel <tkeitel@arc.nasa.gov>

#

# Version:      $Id$

#

VENDOR          Foundry                         1991

BEGIN-VENDOR    Foundry

ATTRIBUTE       Foundry-Privilege-Level                 1       integer

ATTRIBUTE       Foundry-Command-String                  2       string

ATTRIBUTE       Foundry-Command-Exception-Flag          3       integer

ATTRIBUTE       Foundry-INM-Privilege                   4       integer

ATTRIBUTE       Foundry-Access-List                     5       string

ATTRIBUTE       Foundry-MAC-Authent-needs-802.1x        6       integer

ATTRIBUTE       Foundry-802.1x-Valid-Lookup             7       integer

ATTRIBUTE       Foundry-MAC-Based-Vlan-QoS              8       integer

ATTRIBUTE       Foundry-INM-Role-Aor-List               9       string

VALUE   Foundry-INM-Privilege           AAA_pri_0               0

VALUE   Foundry-INM-Privilege           AAA_pri_1               1

VALUE   Foundry-INM-Privilege           AAA_pri_2               2

VALUE   Foundry-INM-Privilege           AAA_pri_3               3

VALUE   Foundry-INM-Privilege           AAA_pri_4               4

VALUE   Foundry-INM-Privilege           AAA_pri_5               5

VALUE   Foundry-INM-Privilege           AAA_pri_6               6

VALUE   Foundry-INM-Privilege           AAA_pri_7               7

VALUE   Foundry-INM-Privilege           AAA_pri_8               8

VALUE   Foundry-INM-Privilege           AAA_pri_9               9

VALUE   Foundry-INM-Privilege           AAA_pri_10              10

VALUE   Foundry-INM-Privilege           AAA_pri_11              11

VALUE   Foundry-INM-Privilege           AAA_pri_12              12

VALUE   Foundry-INM-Privilege           AAA_pri_13              13

VALUE   Foundry-INM-Privilege           AAA_pri_14              14

VALUE   Foundry-INM-Privilege           AAA_pri_15              15

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_0          0

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_1          1

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_2          2

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_3          3

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_4          4

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_5          5

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_6          6

VALUE   Foundry-MAC-Based-Vlan-QoS      QoS_priority_7          7

END-VENDOR      Foundry

Occasional Contributor
Posts: 7
Registered: ‎01-05-2011

Re: 7131 Adminitrator access with RADIUS

Also a list of the roles that the controller accept are in the file dictionary.symbol. As mentioned I believe one of the customisations done by brocade was to allow these values to be received when  sent as foundry attributes.

# -*- text -*-

##############################################################################

#

#       Symbol VSAs

#

#       $Id$

#

##############################################################################

VENDOR          Symbol                          388

BEGIN-VENDOR    Symbol

ATTRIBUTE       Symbol-Admin-Role                       1       integer

VALUE   Symbol-Admin-Role               Monitor                 1

VALUE   Symbol-Admin-Role               Helpdesk                2

VALUE   Symbol-Admin-Role               NetworkAdmin            4

VALUE   Symbol-Admin-Role               SysAdmin                8

VALUE   Symbol-Admin-Role               WebAdmin                16

VALUE   Symbol-Admin-Role               SuperUser               32768

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook