NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Akhavi's avatar
Akhavi
Follower
Oct 05, 2023

M4350 entering privileged exec mode (enable) via RADIUS

Hello everyone,   My team recently received some M4350 fully managed switches and we're having some trouble entering the privileged exec mode while using RADIUS via a Windows NPS.   We're able to...
Troubleshooting
schumaku's avatar
schumaku
Guru - Experienced User
Oct 08, 2023

In general RADIUS terms, I'm missing the Vendor Specific attributes (VSA) here, like the admin group membership, the re-auth times, ... Without configuring vendor-specific attributes for the group of the account, it belongs to the type “User” when you go to check the logged-in users, and you can't elevate the privilege.

 

Completely missing these attributes for user groups and/or privileges in https://kb.netgear.com/000064865/What-are-the-supported-RADIUS-attributes-for-NETGEAR-Fully-Managed-switches  

 

Some traces (incomplete for this purpose IMHO) seem to exist with some Netgear switch implementation https://kb.netgear.com/22014/What-is-Remote-Authentication-Dial-In-User-Service-RADIUS-user-configuration-and-how-does-it-work-with-my-managed-switch 

 

What I have in mind - what works with my preferred security appliance products - is this -> https://support.zyxel.eu/hc/en-us/articles/360000705220-How-to-get-different-privileges-by-RADIUS-authentication 

 

I could be completely wrong however, LaurentMa please advise - I have no such high end switches in my test farm.

 

 

 

 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More