Hi, I use PF for the NAC part and for the cli of the switches I use a separate freeradius server. But in the freeradius and also in de PF setup with an radius filter you can add: Cisco-AVPair = "shell:roles=network-admin vdc-admin"
With this in mind you can take a look at: https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html for roles and cmd’s Good luck! [http://www.dezb.nl/content/dam/zeeland/zeeuwse/bestanden/logo-zb-email.jpg] [cid:[email protected]] Martijn Langendoen netwerkbeheerder [email protected]<mailto:[email protected]> [cid:[email protected]] 0118 654307 [http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/facebook.jpg]<https://www.facebook.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/twitter.jpg]<https://www.twitter.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/linkedin.jpg]<https://www.linkedin.com/company/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/instagram.jpg]<https://www.instagram.com/dezbnl>/dezbnl www.dezb.nl<http://www.dezb.nl/> [cid:[email protected]] Kousteensedijk 7 4331 JE Middelburg Postbus 8004 4330 EA Middelburg Van: DeSantos, Matthew via PacketFence-users <[email protected]> Verzonden: 18 October 2022 17:41 Aan: [email protected] CC: DeSantos, Matthew <[email protected]> Onderwerp: Re: [PacketFence-users] Role-Based CLI Access I’m also interested in this setup. Does anyone have a working example? From: Mr.Pine via PacketFence-users <[email protected]<mailto:[email protected]>> Sent: Saturday, October 15, 2022 1:48 AM To: [email protected]<mailto:[email protected]> Cc: Mr.Pine <[email protected]<mailto:[email protected]>> Subject: [PacketFence-users] Role-Based CLI Access CAUTION: This email originated from outside of Jordan's. Hi, I want to know if pf can manage Role-Based CLI Access for cisco switch. for example define what commands are accepted and what configuration information is visible for users Any ideas?!
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
