Answer the question
In order to leave comments, you need to log in
Z
Z
zwoelf2018-09-27 14:19:56
zwoelf, 2018-09-27 14:19:56
How to disable authentication framed-users service-type login-user in cisco?
The point is this.
/etc/freeradius/users
# Test login user
login Cleartext-Password := "justtest"
Service-Type = Login-User,
Cisco-AVPair := "shell:priv-lvl=15"
# Test PPP user
test Cleartext-Password := "justtest"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.25.65On a cisco (2800):
aaa authentication login default group services local
aaa authentication ppp remote group services
aaa authorization network remote group services if-authenticated
!
aaa group server radius services
server name service
ip vrf forwarding core
ip radius source-interface GigabitEthernet0/1.20
!
radius server service
address ipv4 192.168.24.130 auth-port 1812 acct-port 1813
!With this config, I can log into the device with the test user, which is highly undesirable.
Somewhere, either in the cisco, there was a command, or a directive in the freeradius, the values of which ended in match-all or match-any, it looks like this is what I need, but I don’t remember the command, I can’t google it =(
Similar questions
N
A
S
D
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question