Stevo,
Yes, it works.
The router I happen to have used is running 14.20 code. I would use at least this code: it is modern, stable, and has most of the features. RADIUS will work on all hardware platforms.
The dictionary entries:
---------------------------------------------------
Attributes used with multi user access
ATTRIBUTE Bay-User-Level Bay-VSA (100, integer) R
VALUE Bay-User-Level Manager 2
VALUE Bay-User-Level User 4
VALUE Bay-User-Level Operator 8
----------------------------------------------------
the users.conf entries:
(note this person is level 2 - "Manager")
admin Auth-Type = System
    Annex-User-Level = 2,
    Annex-Audit-Level = 2,
    Service-Type = Framed-User,
    Fall-Through = 1

(note this person is level 4 - "user")
nortel Auth-Type = System
    Annex-User-Level = 4,
    Annex-Audit-Level = 4,
    Service-Type = Framed-User,
    Fall-Through = 1

user for Baystack 450: (any user defined on the UNIX box can access)
DEFAULT Auth-Type := System
    Service-Type = Administrative-User,
    Fall-Through = 1

/etc/raddb/clients.conf entry:
client 192.168.17.249 {
    secret = bay
    shortname = rtr_an1
    vendor-id = 1584
    nastype = other
}
for Baystack 450:
client 192.168.17.247 {
    secret = bay
    shortname = bs450_1
    nastype = other
}
The router - you can configure with Site Manager, or BCC. Here are the BCC parameters:
access
radius-server-accounts enabled
radius
radius-client slot 1 address 192.168.17.249
authentication enabled
back
radius-server address 192.168.17.2
accounting-server-type primary
accounting-udp-port 1813
authentication-server-type primary
authentication-udp-port 1812
primary-server-secret XXX
back

One critical thing to note about Nortel routers and switches - the router needs the Annex-User-Level parameter, the switch products need Service-Type = Administrative-User.
Let me know if you need additional info.
best regards
Shawn Adams [EMAIL PROTECTED]
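
Added example, not part of the original message: a Python sketch of how the two reply attributes named above look on the wire, useful when checking a packet capture of what the server sent back to the router or switch. It assumes the standard RFC 2865 Vendor-Specific layout (1-byte vendor type, 1-byte vendor length) for vendor 1584, attribute 100; the function names are hypothetical.

```python
import struct

BAY_VENDOR_ID = 1584      # vendor-id from the clients.conf entry
BAY_USER_LEVEL = 100      # vendor type from the dictionary entry
LEVELS = {2: "Manager", 4: "User", 8: "Operator"}
VENDOR_SPECIFIC = 26      # RFC 2865 Vendor-Specific
SERVICE_TYPE = 6          # RFC 2865 Service-Type
SERVICE_TYPES = {2: "Framed-User", 6: "Administrative-User"}

def encode_user_level(level):
    """Build the Vendor-Specific attribute carrying the user level."""
    if level not in LEVELS:
        raise ValueError("unknown level %r" % level)
    sub = struct.pack("!BBI", BAY_USER_LEVEL, 6, level)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BAY_VENDOR_ID) + sub

def encode_service_type(value):
    return struct.pack("!BBI", SERVICE_TYPE, 6, value)

def decode_reply_attributes(data):
    """Walk the attribute TLVs of a reply and pick out the two values."""
    found = {"user_level": None, "service_type": None}
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length at offset %d" % pos)
        value = data[pos + 2:pos + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            num = struct.unpack("!I", value)[0]
            found["service_type"] = SERVICE_TYPES.get(num, num)
        elif atype == VENDOR_SPECIFIC and len(value) == 10:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype, vlen) == (BAY_VENDOR_ID, BAY_USER_LEVEL, 6):
                num = struct.unpack("!I", value[6:10])[0]
                found["user_level"] = LEVELS.get(num, num)
        pos += alen
    return found

# Constructed sample: reply attributes matching the "admin" entry above.
SAMPLE = encode_service_type(2) + encode_user_level(2)
if __name__ == "__main__":
    print(SAMPLE.hex(), decode_reply_attributes(SAMPLE))
```

A reply for the router should decode with a user level set; a reply for the switch should decode with service_type "Administrative-User".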
