Radius - Read only login

[jfrawley]

Would really like to add a read only user account to my switches for techs who do not need to make changes but simply check voltage or port status.

In conjunction I found with radius (we use pppoe for our clients fyi) that if I enable it then any of the usernames and passwords in my radius db will auth and give full access to the switch :( scary

Anything coming in near future for at least a read only user account? Please and thank you!

Jason

[Stephen]

I will have to investigate how we would do something like this. In the mean time, you should be able to get this information from snmp so could you have your technician's use an snmp based tool to monitor these value's?

[mike99]

https://freeradius.org/rfc/rfc5607.html ... lege-Level

Privilege Level is vendor specific. I think he would like privilege level (0) to be without any access since, if I understand well, he share the same radius server for customers authentification and employees authentification. That don't seem best practice.

From this forum, Cisco privilage level 0 give accces to disable, enable, exit, help, and logout commands. That's not much but still an access I would not like my customer to have with their PPPoE username and password.
https://community.cisco.com/t5/policy-a ... -p/1087452