Stevo,
Yes, it works.
The router I happen to have used is running 14.20 code. I would use at least this code, modern, stable, and has mopst of the features. Radius Will work on all hardware platforms.
The dictionary entries: --------------------------------------------------- Attributes used with multi user access
ATTRIBUTE Bay-User-Level Bay-VSA (100, integer) R
VALUE Bay-User-Level Manager 2
VALUE Bay-User-Level User 4
VALUE Bay-User-Level Operator 8 ---------------------------------------------------- the users.conf entries:
(note this person is level 2 - "Manager") admin Auth-Type = System Annex-User-Level = 2, Annex-Audit-Level = 2, Service-Type = Framed-User, Fall-Through = 1
(note this person is level 4 - "user") nortel Auth-Type = System Annex-User-Level = 4, Annex-Audit-Level = 4, Service-Type = Framed-User, Fall-Through = 1
user for Baystack 450: (any user defined on the UNIX box can access)
DEFAULT Auth-Type := System Service-Type = Administrative-User, Fall-Through = 1
/etc/raddb/clients.conf entry:
client 192.168.17.249 { secret = bay shortname = rtr_an1 vendor-id = 1584 nastype = other } for Baystack 450: client 192.168.17.247 { secret = bay shortname = bs450_1 nastype = other
}
The router - you can configure with Site Manager, or, BCC. Here is the BCC parameters:
access radius-server-accounts enabled
radius radius-client slot 1 address 192.168.17.249 authentication enabled back radius-server address 192.168.17.2 accounting-server-type primary accounting-udp-port 1813 authentication-server-type primary authentication-udp-port 1812 primary-server-secret XXX back
One critical thing to note about nortel routers and switches - the router needs the Annex-User-Level parameter, the switch products need Service-Type = Administrative-User.
Let me know if you need additional info.
best regards
Shawn Adams [EMAIL PROTECTED]
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html