NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
SSH and HTTPS admin control
Hello there I am using the OOB port to manage the switch I am struggling to get enable access over SSH using 802.1x. I have configured SSH / HTTPS to use Radius - I can access the console via p...
Depending on your RADIUS Server (i.e. FreeRADIUS or NPS) you'll not only have to return ACCESS-ACCEPT or ACCESS-REJECT but also return an additional reply telling the switch that the user is not only granted access but with admin privileges.
This is not so well-documented on Netgear's side but you can simply return "Service-Type = Administrative-User" but also the Cisco-variant works. Here is an sanitized example of my config in FreeRADIUS in the post-auth Section - in my case I'm using LDAP as backend and checking an LDAP group membership:
post-auth {
# Only members of the Network Admins are allowed
if (LDAP-Group == "Network-Admins") {
# Getting authorized requires informing the
# (Netgear) device about privilege level.
# Depending on the config only with this additional
# reply message one gets authorized as admin on the shell.
# Both seeme to work on Netgear, but Administrative-User is
# more vendor-neutral.
update reply {
Service-Type = Administrative-User
Cisco-AVpair = "shell:priv-lvl=15"
}
noop
}
# No-one else is allowed.
else {
reject
}Hope this helps :-)
Thank you for the speedy reply and the right information
Much appreciated
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
