How to allow a RADIUS admin to log in to the switch? (by Windows Server)

Zyxel_Adam Posts: 340  Zyxel Employee
edited January 29 in Network Security

In the following example, we only provide the necessary settings on the NPS of Windows Server 2019. If you haven't finished the switch settings, please check this article to complete them.

Topology

Configuration of NPS

1. Set RADIUS Clients to 10.214.36.29 with shared secret 12345678.

2. Create your user account in "Active Directory Users and Computers". We will use zyuser as an example.

3. Add a login attribute to the Network policies of NPS.

(Please make sure that the login account (zyuser) is a member of the Windows Groups that you specified in the Conditions tab of the NPS policy.)

4. On the same Network policy, create a new attribute string “Zyxel-Privilege-AVPair” whose attribute ID is “3”. The vendor ID of Zyxel is “890”.

Zyxel-Privilege-AVPair(3)

shell:priv-lvl=14

Verifications:

  • Telnet or SSH from the client to the switch
  • Check the packet replied from the Windows Server

What could go wrong

If authentication always fails, check the Event Viewer on the Windows Server to see the reason. For instance:

Adam
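
The "check the packet replied from the Windows Server" step above, as an added example that is not part of the original post: it parses a captured Access-Accept, confirms the Response Authenticator against the shared secret (a step beyond the post, per RFC 2865), and extracts the privilege level from the Zyxel attribute (vendor ID 890, attribute ID 3). The function names are hypothetical and `build_accept` only produces a constructed sample packet; with a real capture, take the Request Authenticator from the matching Access-Request.

```python
import hashlib
import hmac
import struct

ZYXEL_VENDOR_ID = 890      # vendor ID from the post
PRIV_AVPAIR_TYPE = 3       # Zyxel-Privilege-AVPair attribute ID from the post
ACCESS_ACCEPT = 2          # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26       # RADIUS attribute type (RFC 2865)


def build_accept(ident, request_auth, secret, avpair):
    """Build a constructed Access-Accept carrying the Zyxel VSA (sample input only)."""
    sub = bytes([PRIV_AVPAIR_TYPE, len(avpair) + 2]) + avpair
    vsa = struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, ZYXEL_VENDOR_ID) + sub
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(vsa))
    auth = hashlib.md5(head + request_auth + vsa + secret).digest()
    return head + auth + vsa


def check_accept(packet, request_auth, secret):
    """Return the privilege level granted by an Access-Accept, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator (shared secret mismatch?)")
    pos = 0
    while pos + 2 <= len(attrs):
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("malformed attribute")
        value = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor = struct.unpack("!I", value[:4])[0]
        v_type, v_len = value[4], value[5]
        if vendor == ZYXEL_VENDOR_ID and v_type == PRIV_AVPAIR_TYPE:
            text = value[6:4 + v_len].decode("ascii")
            if not text.startswith("shell:priv-lvl="):
                raise ValueError("unexpected AVPair: " + text)
            return int(text.split("=", 1)[1])
    raise ValueError("Zyxel-Privilege-AVPair missing from Access-Accept")
```

A "bad Response Authenticator" result points at a shared-secret mismatch between the RADIUS client entry and the switch, while a "missing" result means the Network policy that matched did not carry the attribute from step 4.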