And I want to use it purely as a RADIUS authentication server to manage my network devices. Nothing fancy like hotspot or CRM etc...
And I have a lot of Cisco Nexus switches in my core. Excellent switches I must admit.
Also I like so far how user-manager works. Much better than our previous freeradius/LDAP contraption that we have previously experimented with. How do I get Mikrotik User-manager to work nicely together with Cisco NXOS?
However I am having trouble using user-manager with our Nexus switches. I can authenticate to the switch, but it is hard coded to give me write only 'network-operator' privileges instead of 'network-admin' privileges by default. And I need 'network-admin' privileges (or 'full' privileges in Mikrotik terms). As far as I know there is no way to change this default. However it is possible to get those privileges by pushing a RADIUS attribute. The RADIUS attribute is supposed to be called 'Cisco-AVPair', I think?
So far I have configured it like this (attachment picture 1). I don't know if this is correct, can you help? Code:
/user-manager attribute add name=Cisco-AVPair type-id=26 value-type=string vendor-id=Cisco
And I have configured the RADIUS user like this, obviously redacted:
/user-manager user add attributes="Cisco-AVPair:= \"shell:roles*\\\"network-admin vdc-admin\\\"\"" name=XYZ shared-users=unlimited
Picture 2 in the attachment is this... Also I don't know if this part is correct either. EDIT, My radius configuration on my test Nexus switch:
radius-server host 184.108.40.206 key 7 "somekey" authentication accounting timeout 1
radius-server host 220.127.116.11 key 7 "somekey" authentication accounting
radius-server directed-request
aaa group server radius RADIUS
    server 18.104.22.168
    server 22.214.171.124
aaa authentication login default fallback error local
aaa authentication login default group RADIUS