Access to the GS2220 switch with radius authentication

Hi @Slava,

Thank you for reaching out to the Zyxel Community regarding RADIUS authentication for your GS2220-10 switch. I understand you're encountering an issue where authorization is successful, but the privilege level is showing as 0, and you're looking for the correct vendor-specific settings to achieve Level 15 privileges.

To assign the correct privilege level for RADIUS authenticated users on your Zyxel GS2220 switch (running ZyNOS F/W Version V5.00), you need to use a specific Zyxel Vendor-Specific Attribute (VSA).

Here's a step-by-step guide to configure this on your Windows NPS server:

• Zyxel Vendor ID: The vendor ID for Zyxel is 890.
• Attribute String: You need to create a new attribute string named "Zyxel-Privilege-AVPair".
• Attribute ID: The attribute ID for "Zyxel-Privilege-AVPair" is 3.
• Attribute Value: To set the privilege level to 15, the value for this attribute should be shell:priv-lvl=15.

Here are the general steps to apply this within your Windows NPS configuration:

1. In your Network Policy, under "Vendor Specific" attributes, select "Vendor Specific" and then "Add".
2. Choose "Enter Vendor Code" and input 890.
3. Select "Yes. It conforms" and then "Configure Attribute".
4. Add a new Vendor-assigned attribute. Set the attribute number to 3.
5. Set the Attribute format to "String".
6. In the Attribute value field, enter shell:priv-lvl=15.

If you continue to experience issues after applying these settings, please provide the following information to help us further diagnose the problem:

• A screenshot of your complete RADIUS server network policy settings for the Zyxel switch, specifically showing the Vendor Specific attributes.
• The full configuration file of your GS2220-10 switch.
• Packet captures of the RADIUS authentication process from your NPS server to verify the attributes being sent and received.